【Vulnerability Alert】 ESi Technology AIM LINE Marketing Platform Contains a Critical Security Vulnerability (CVE-2024-9982)

publish date : 2024-10-22 update date : 2024-10-22

Source: Ministry of education information & communication security contingency platform


Publication Number	TACERT-ANA-2024101810101919	Publication Time	2024/10/18 10:40
Incident Type	ANA-Vulnerability Alert	Discovery Time	2024/10/16 10:40
Impact Level	Medium
[Subject] 【Vulnerability Alert】 ESi Technology AIM LINE Marketing Platform Contains a Critical Security Vulnerability (CVE-2024-9982)
[Content] Forwarded from TWCERTCC-200-202410-00000008 On 2024-10-15, TWCERT/CC released TVN-202410012, CVE-2024-9982 (CVSS: 9.8). The ESi Technology AIM LINE marketing platform, when the LINE activity module is enabled, does not properly validate certain query parameters. This allows unauthenticated remote attackers to inject arbitrary FetchXml commands to read, modify, and delete database content. Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] AIM LINE Marketing Platform versions 3.3 to 5.8.4
[Recommended Actions] Contact the vendor to install the patch or upgrade to version 6.0 or later.
[Reference] ESi Technology AIM LINE Marketing Platform - SQL Injection:https://www.twcert.org.tw/tw/cp-132-8146-497a2-1.html

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center

Click Num:

Share