SicommNet BASEC SQL Injection Vulnerability Allowing Authentication Bypass

Vulnerability

A SQL injection vulnerability has been identified in the SicommNet BASEC SaaS service login page. This vulnerability allows an unauthenticated remote attacker to bypass authentication and execute arbitrary SQL commands. It affects BASEC versions from December 14, 2021, to April 16, 2025.

Impact

Exploitation of this vulnerability allows for authentication bypass and execution of arbitrary SQL commands, potentially leading to unauthorized access or manipulation of the application's database.

Remediation

SicommNet has fixed this vulnerability as of April 16, 2025. However, users are advised to consider all data in the BASEC tool compromised and to stop using the service.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.