CVE-2024-49588: Multiple authenticated SQL injections in oracle-sidecar
6.8
CVSS
Description
Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections.
Classification
CVE ID: CVE-2024-49588
CVSS Base Severity: MEDIUM
CVSS Base Score: 6.8
Affected Products
Vendor: Palantir
Product: com.palantir.srx.prometheus.sls-oracle-sidecar:sls-oracle-sidecar
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 11.44% (scored less or equal to compared to others)
EPSS Date: 2025-02-03 (when was this score calculated)
References
https://palantir.safebase.us/?tcuUid=b5724367-8b86-436a-8ef2-4480ec41cc2chttps://cwe.mitre.org/data/definitions/89.html