{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2024-0857", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2024-01-24T11:54:56.046Z", "datePublished": "2024-07-18T17:32:35.662Z", "dateUpdated": "2026-06-03T14:38:41.970Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-06-03T14:38:41.970Z" }, "title": "SQLi in Universal Software's FlexWater Corporate Water Management", "problemTypes": [ { "descriptions": [ { "lang": "en", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE" } ] } ], "impacts": [ { "capecId": "CAPEC-66", "descriptions": [ { "lang": "en", "value": "CAPEC-66 SQL Injection" } ] } ], "affected": [ { "vendor": "Universal Software Inc.", "product": "FlexWater Corporate Water Management", "versions": [ { "status": "affected", "version": "0", "lessThan": "5.452.0", "versionType": "custom" } ], "defaultStatus": "unaffected" } ], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Universal Software Inc. FlexWater Corporate Water Management allows SQL Injection.\n\nThis issue affects FlexWater Corporate Water Management: before 5.452.0.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Universal Software Inc. FlexWater Corporate Water Management allows SQL Injection.
This issue affects FlexWater Corporate Water Management: before 5.452.0.
" } ] } ], "references": [ { "url": "https://www.usom.gov.tr/bildirim/tr-24-1011", "tags": [ "government-resource", "broken-link" ] }, { "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1011", "tags": [ "government-resource" ] } ], "metrics": [ { "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ], "cvssV3_1": { "version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "CRITICAL", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } } ], "credits": [ { "lang": "en", "value": "Yusuf Kamil ÇAVUŞOĞLU", "type": "finder" } ], "source": { "defect": [ "TR-24-1011" ], "advisory": "TR-24-1011", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } }, "adp": [ { "affected": [ { "vendor": "universal_software_inc", "product": "flexwater_corporate_water_management", "cpes": [ "cpe:2.3:a:universal_software_inc:flexwater_corporate_water_management:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "versions": [ { "version": "0", "status": "affected", "lessThan": "5.452.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2024-07-18T18:25:24.771362Z", "id": "CVE-2024-0857", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T13:30:56.285Z" } }, { "providerMetadata": { "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:18:18.811Z" }, "title": "CVE Program Container", "references": [ { "url": "https://www.usom.gov.tr/bildirim/tr-24-1011", "tags": [ "x_transferred" ] } ] } ] } }