CVE-2024-53007: Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call.

6.4 CVSS

Description

Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call.

Classification

CVE ID: CVE-2024-53007

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.4

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:T/RC:C

Affected Products

Vendor: Bentley

Product: ProjectWise Integration Server

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.77% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-01 (date this score was calculated)

References

https://www.bentley.com/advisories/be-2024-0002/
