CVE-2024-53007

MEDIUM

Bentley Systems ProjectWise Integration Server <10.00.03.288 - SQL ...

Title source: llm
STIX 2.1

Description

Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call.

References (1)

Scores

CVSS v3 6.4
EPSS 0.0005
EPSS Percentile 15.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-648
Status published
Products (1)
Bentley/ProjectWise Integration Server < 10.00.03.288
Published Jan 31, 2025
Tracked Since Feb 18, 2026