Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for 1E Platform by 1E

    CVE-2024-7211 (GCVE-0-2024-7211)

    Vulnerability from nvd – Published: 2024-08-01 16:49 – Updated: 2025-06-18 18:41
    VLAI
    Title
    The Duende Identity Server based component in 1E Platform may allow URL redirections to untrusted websites.
    Summary
    The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • URL Redirection to Untrusted Site ('Open Redirect')
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    1E
    Impacted products
    Vendor Product Version
    1E 1E Platform Affected: 24.7
    Affected: 23.11.1.15
    Affected: 23.7.1.80
    Affected: 8.4.1.229
    Create a notification for this product.
    Date Public
    2024-08-01 14:35
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7211",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-01T17:33:30.440960Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-601",
                    "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-13T16:24:43.124Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "1E Platform",
              "vendor": "1E",
              "versions": [
                {
                  "status": "affected",
                  "version": "24.7"
                },
                {
                  "status": "affected",
                  "version": "23.11.1.15"
                },
                {
                  "status": "affected",
                  "version": "23.7.1.80"
                },
                {
                  "status": "affected",
                  "version": "8.4.1.229"
                }
              ]
            }
          ],
          "datePublic": "2024-08-01T14:35:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctt\u003e\u003ctt\u003eThe 1E Platform\u0027s component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users.\u003cbr\u003e\u003cbr\u003eNote: 1E Platform\u0027s component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix.\u003cbr\u003e\u003cbr\u003e\u003c/tt\u003e\u003c/tt\u003e"
                }
              ],
              "value": "The 1E Platform\u0027s component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users.\n\nNote: 1E Platform\u0027s component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-18T18:41:03.926Z",
            "orgId": "4a68d2b9-b68a-4765-95bd-17f35092666b",
            "shortName": "1E"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2024-2001/"
            }
          ],
          "source": {
            "advisory": "CVE-2024-39694",
            "discovery": "EXTERNAL"
          },
          "title": "The Duende Identity Server based component in 1E Platform may allow URL redirections to untrusted websites.",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4a68d2b9-b68a-4765-95bd-17f35092666b",
        "assignerShortName": "1E",
        "cveId": "CVE-2024-7211",
        "datePublished": "2024-08-01T16:49:47.597Z",
        "dateReserved": "2024-07-29T16:05:07.068Z",
        "dateUpdated": "2025-06-18T18:41:03.926Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45162 (GCVE-0-2023-45162)

    Vulnerability from nvd – Published: 2023-10-13 12:48 – Updated: 2025-06-18 18:41
    VLAI
    Title
    Blind SQL vulnerability in 1E platform
    Summary
    Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution.  Application of the relevant hotfix remediates this issue. for v8.1.2 apply hotfix Q23166 for v8.4.1 apply hotfix Q23164 for v9.0.1 apply hotfix Q23169 SaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. Customers with SaaS versions below this are urged to upgrade urgently - please contact 1E to arrange this
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    1E
    Impacted products
    Vendor Product Version
    1E 1E Platform Affected: 0 , < 8.1.2 (Q23166)
    Affected: 0 , < 8.4.1 (Q23164)
    Affected: 0 , < 9.0.1 (Q23169)
    Affected: 0 , < 23.7.1 (Q23173)
    Create a notification for this product.
    Credits
    Discovered by 1E penetration testing
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:14:19.735Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.1e.com/trust-security-compliance/cve-info/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45162",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-17T20:24:59.274547Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T20:25:10.039Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "1E Platform",
              "vendor": "1E",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "Q23166",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "8.1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Q23166"
                },
                {
                  "changes": [
                    {
                      "at": "Q23164",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "8.4.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Q23164"
                },
                {
                  "changes": [
                    {
                      "at": "Q23169",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "9.0.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Q23169"
                },
                {
                  "changes": [
                    {
                      "at": "Q23173",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "23.7.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Q23173"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Discovered by 1E penetration testing"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eApplication of the relevant hotfix remediates this issue.\u003cbr\u003e\u003cbr\u003efor v8.1.2 apply hotfix Q23166\u003cbr\u003efor v8.4.1 apply hotfix Q23164\u003cbr\u003efor v9.0.1 apply hotfix Q23169\u003cbr\u003e\u003cbr\u003eSaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. Customers with SaaS versions below this are urged to upgrade urgently - please contact 1E to arrange this"
                }
              ],
              "value": "Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution.\u00a0\n\nApplication of the relevant hotfix remediates this issue.\n\nfor v8.1.2 apply hotfix Q23166\nfor v8.4.1 apply hotfix Q23164\nfor v9.0.1 apply hotfix Q23169\n\nSaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. Customers with SaaS versions below this are urged to upgrade urgently - please contact 1E to arrange this"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-108",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-108 Command Line Execution through SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-18T18:41:07.315Z",
            "orgId": "4a68d2b9-b68a-4765-95bd-17f35092666b",
            "shortName": "1E"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2023-2004/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Blind SQL vulnerability in 1E platform",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4a68d2b9-b68a-4765-95bd-17f35092666b",
        "assignerShortName": "1E",
        "cveId": "CVE-2023-45162",
        "datePublished": "2023-10-13T12:48:01.359Z",
        "dateReserved": "2023-10-04T23:59:54.079Z",
        "dateUpdated": "2025-06-18T18:41:07.315Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7211 (GCVE-0-2024-7211)

    Vulnerability from cvelistv5 – Published: 2024-08-01 16:49 – Updated: 2025-06-18 18:41
    VLAI
    Title
    The Duende Identity Server based component in 1E Platform may allow URL redirections to untrusted websites.
    Summary
    The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • URL Redirection to Untrusted Site ('Open Redirect')
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    1E
    Impacted products
    Vendor Product Version
    1E 1E Platform Affected: 24.7
    Affected: 23.11.1.15
    Affected: 23.7.1.80
    Affected: 8.4.1.229
    Create a notification for this product.
    Date Public
    2024-08-01 14:35
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7211",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-01T17:33:30.440960Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-601",
                    "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-13T16:24:43.124Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "1E Platform",
              "vendor": "1E",
              "versions": [
                {
                  "status": "affected",
                  "version": "24.7"
                },
                {
                  "status": "affected",
                  "version": "23.11.1.15"
                },
                {
                  "status": "affected",
                  "version": "23.7.1.80"
                },
                {
                  "status": "affected",
                  "version": "8.4.1.229"
                }
              ]
            }
          ],
          "datePublic": "2024-08-01T14:35:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctt\u003e\u003ctt\u003eThe 1E Platform\u0027s component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users.\u003cbr\u003e\u003cbr\u003eNote: 1E Platform\u0027s component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix.\u003cbr\u003e\u003cbr\u003e\u003c/tt\u003e\u003c/tt\u003e"
                }
              ],
              "value": "The 1E Platform\u0027s component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users.\n\nNote: 1E Platform\u0027s component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-18T18:41:03.926Z",
            "orgId": "4a68d2b9-b68a-4765-95bd-17f35092666b",
            "shortName": "1E"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2024-2001/"
            }
          ],
          "source": {
            "advisory": "CVE-2024-39694",
            "discovery": "EXTERNAL"
          },
          "title": "The Duende Identity Server based component in 1E Platform may allow URL redirections to untrusted websites.",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4a68d2b9-b68a-4765-95bd-17f35092666b",
        "assignerShortName": "1E",
        "cveId": "CVE-2024-7211",
        "datePublished": "2024-08-01T16:49:47.597Z",
        "dateReserved": "2024-07-29T16:05:07.068Z",
        "dateUpdated": "2025-06-18T18:41:03.926Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45162 (GCVE-0-2023-45162)

    Vulnerability from cvelistv5 – Published: 2023-10-13 12:48 – Updated: 2025-06-18 18:41
    VLAI
    Title
    Blind SQL vulnerability in 1E platform
    Summary
    Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution.  Application of the relevant hotfix remediates this issue. for v8.1.2 apply hotfix Q23166 for v8.4.1 apply hotfix Q23164 for v9.0.1 apply hotfix Q23169 SaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. Customers with SaaS versions below this are urged to upgrade urgently - please contact 1E to arrange this
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    1E
    Impacted products
    Vendor Product Version
    1E 1E Platform Affected: 0 , < 8.1.2 (Q23166)
    Affected: 0 , < 8.4.1 (Q23164)
    Affected: 0 , < 9.0.1 (Q23169)
    Affected: 0 , < 23.7.1 (Q23173)
    Create a notification for this product.
    Credits
    Discovered by 1E penetration testing
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:14:19.735Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.1e.com/trust-security-compliance/cve-info/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45162",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-17T20:24:59.274547Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T20:25:10.039Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "1E Platform",
              "vendor": "1E",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "Q23166",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "8.1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Q23166"
                },
                {
                  "changes": [
                    {
                      "at": "Q23164",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "8.4.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Q23164"
                },
                {
                  "changes": [
                    {
                      "at": "Q23169",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "9.0.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Q23169"
                },
                {
                  "changes": [
                    {
                      "at": "Q23173",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "23.7.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Q23173"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Discovered by 1E penetration testing"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eApplication of the relevant hotfix remediates this issue.\u003cbr\u003e\u003cbr\u003efor v8.1.2 apply hotfix Q23166\u003cbr\u003efor v8.4.1 apply hotfix Q23164\u003cbr\u003efor v9.0.1 apply hotfix Q23169\u003cbr\u003e\u003cbr\u003eSaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. Customers with SaaS versions below this are urged to upgrade urgently - please contact 1E to arrange this"
                }
              ],
              "value": "Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution.\u00a0\n\nApplication of the relevant hotfix remediates this issue.\n\nfor v8.1.2 apply hotfix Q23166\nfor v8.4.1 apply hotfix Q23164\nfor v9.0.1 apply hotfix Q23169\n\nSaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. Customers with SaaS versions below this are urged to upgrade urgently - please contact 1E to arrange this"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-108",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-108 Command Line Execution through SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-18T18:41:07.315Z",
            "orgId": "4a68d2b9-b68a-4765-95bd-17f35092666b",
            "shortName": "1E"
          },
          "references": [
            {
              "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2023-2004/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Blind SQL vulnerability in 1E platform",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4a68d2b9-b68a-4765-95bd-17f35092666b",
        "assignerShortName": "1E",
        "cveId": "CVE-2023-45162",
        "datePublished": "2023-10-13T12:48:01.359Z",
        "dateReserved": "2023-10-04T23:59:54.079Z",
        "dateUpdated": "2025-06-18T18:41:07.315Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }