CVE-2023-45162

CRITICAL

1E Platform - Blind SQL Injection leading to Remote Code Execution

Title source: llm
STIX 2.1

Description

Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution.  Application of the relevant hotfix remediates this issue. for v8.1.2 apply hotfix Q23166 for v8.4.1 apply hotfix Q23164 for v9.0.1 apply hotfix Q23169 SaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. Customers with SaaS versions below this are urged to upgrade urgently - please contact 1E to arrange this

Scores

CVSS v3 9.9
EPSS 0.0064
EPSS Percentile 46.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (4)
1e/platform 8.1.2
1e/platform 8.4.1
1e/platform 9.0.1
1e/platform 23.7.1
Published Oct 13, 2023
Tracked Since Feb 18, 2026