Primary

Context

ASPECT, NEXUS Series, and MATRIX Series 2nd Order SQL Injection Vulnerability Allowing Database Manipulation

Vulnerability

A 2nd order SQL injection vulnerability has been identified in ASPECT-Enterprise, NEXUS Series, and MATRIX Series, all through version 3.*. This vulnerability allows unintended access to and manipulation of database repositories, particularly if administrator credentials are compromised.

Impact

Exploitation of this vulnerability could lead to unauthorized access and manipulation of database repositories.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

5.0

exploitability

4.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

5.0

exploitability

4.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ASPECT, NEXUS Series, and MATRIX Series 2nd Order SQL Injection Vulnerability Allowing Database Manipulation

Vulnerability

Impact

Affected Products

ABB ASPECT-Enterprise

ABB MATRIX

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating