CVSS Vector (NVD)
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (NVD)
Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows a Denial of Service (DoS) attack to be executed by sending a specially crafted SQL query. This causes the Pro Cloud Server service to terminate unexpectedly.
The vendor was notified early about this vulnerability, but didn't respond with the details of the vulnerability or the vulnerable version range. Only version 6.1 (build 167) and below were tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable.
Analysis (AI)
Denial of service in Sparx Systems Pro Cloud Server 6.1 (build 167) and earlier allows authenticated remote attackers to crash the service by submitting a specially crafted SQL query that the server fails to parse safely. The flaw, reported by CERT-PL, results in unexpected termination of the Pro Cloud Server process, and no public exploit was identified at the time of analysis. …
Remediation (AI)
24 HOURS: Inventory all Pro Cloud Server 6.1 and earlier installations; restrict network access to Pro Cloud Server to internal-only or trusted IP ranges, disabling external connectivity if feasible.
7 DAYS: Deploy process-level health monitoring with automatic restart capability; review SQL query logging for suspicious patterns; enforce least-privilege database access for application accounts. …
EUVD-2026-30932
GHSA-r2pf-hp27-79jw