CVE-2024-9678

MEDIUM

DLP Extension <11.11.1.3 - SQL Injection

Title source: llm
STIX 2.1

Description

An SQL Injection vulnerability existed in DLP Extension 11.11.1.3. The vulnerability allowed an attacker to perform arbitrary SQL queries potentially leading to command execution.

References (1)

Core 1
Core References

Scores

CVSS v3 4.9
EPSS 0.0074
EPSS Percentile 50.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
Trellix/DLP Extension 11.11.1.3
Published Dec 16, 2024
Tracked Since Feb 18, 2026