CVE-2020-13504
CRITICALAVEVA EDNA Enterprise Data Historian - Unauthenticated SQL Injection via AttFilterValue Parameter
Title source: llmDescription
Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.
References (1)
Core 1
Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1108
Scores
CVSS v3
9.8
EPSS
0.0118
EPSS Percentile
64.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
aveva/edna_enterprise_data_historian
3.0.1.2\/7.5.4989.33053
Published
Sep 24, 2020
Tracked Since
Feb 18, 2026