vendor:
Network Automation
by:
Unknown
9
CVSS
CRITICAL
SQL Injection
89
CWE
Product Name: Network Automation
Affected Version From: 7.2x
Affected Version To: 9.1
Patch Exists: NO
Related CWE:
CPE: a:hp:network_automation:7.2x
Platforms Tested:
Unknown
HP Network Automation SQL Injection Vulnerability
The HP Network Automation application is prone to an SQL injection vulnerability due to the lack of proper sanitization of user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Mitigation:
To mitigate this vulnerability, it is recommended to apply the necessary security patches provided by HP or upgrade to a non-vulnerable version.