Sparx Pro Cloud Server
SQL injection in Sparx Pro Cloud Server 6.0.163 allows remote attackers without authentication to execute arbitrary SQL commands against the backend database, leading to complete system compromise. Despite a critical CVSS score of 9.5 with a network attack vector and no authentication required, exploitation complexity is rated HIGH, and EPSS indicates only a 0.06% probability of exploitation (19th percentile). The SSVC framework classifies technical impact as total but exploitation as none and not automatable, suggesting that exploitation requires specialized knowledge or non-default configurations. No active exploitation was confirmed and no public exploit code was identified at the time of analysis.
Sparx Pro Cloud Server 6.0.163 stores user passwords in plaintext when OpenID authentication is configured, allowing remote unauthenticated attackers with network access to the backend database or file system to extract credentials. The CVSS score of 9.3 (Critical) reflects network-accessible plaintext credential exposure. The EPSS score of 0.05% (15th percentile) indicates a low probability of widespread exploitation despite the severity. No active exploitation has been confirmed (not in CISA KEV), but SSVC classifies the vulnerability as automatable with total technical impact. The vendor has released version 6.1 with a fix, per the change history.
Sparx Systems Pro Cloud Server 6.0.163 exposes database credentials in plaintext to unauthenticated remote attackers through an unprotected information disclosure endpoint. The vulnerability enables attackers to retrieve sensitive system configuration, including database passwords, without authentication (CVSS:4.0 9.3 Critical, AV:N/PR:N). CISA SSVC classifies this as automatable with total technical impact, though no active exploitation is currently documented (EPSS 0.05%, no KEV listing). A patch is available in version 6.1 and later, per the vendor security advisory.