CVE-2014-2949

Опубликовано: 18 июн. 2014

Источник: nvd

CVSS2: 6.5

EPSS Низкий

Описание

SQL injection vulnerability in the web service in F5 ARX Data Manager 3.0.0 through 3.1.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Ссылки

http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15310.html?sr=38021626
Vendor Advisory
http://www.kb.cert.org/vuls/id/210884
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/68078
http://www.zerodayinitiative.com/advisories/ZDI-14-293/
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15310.html?sr=38021626
Vendor Advisory
http://www.kb.cert.org/vuls/id/210884
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/68078
http://www.zerodayinitiative.com/advisories/ZDI-14-293/

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:f5:arx_data_manager:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:arx_data_manager:3.1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00426

Низкий

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-ggjq-724x-pgcp

github

больше 3 лет назад