MidnightBSD

Advisories for ntracker

CVE-2020-7819 MEDIUM

A SQL-Injection vulnerability in the nTracker USB Enterprise(secure USB management solution) allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
vuln@krcert.or.kr 9.3 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N 2.8 5.8

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-89,

Products Affected

Vendor Product Version
ntracker ntracker_usb_enterprise *