CVE-2015-6004

Опубликовано: 27 дек. 2015

Источник: nvd

CVSS3: 6.5

CVSS2: 6.5

EPSS Средний

Описание

Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter.

Ссылки

http://twitter.com/ipswitch/statuses/677558623229317121
Vendor Advisory
http://www.securityfocus.com/bid/79506
http://www.securitytracker.com/id/1034833
https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems
Exploit
https://www.kb.cert.org/vuls/id/176160
Third Party Advisory
US Government Resource
http://twitter.com/ipswitch/statuses/677558623229317121
Vendor Advisory
http://www.securityfocus.com/bid/79506
http://www.securitytracker.com/id/1034833
https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems
Exploit
https://www.kb.cert.org/vuls/id/176160
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*

Версия до 16.3 (включая)

EPSS

Процентиль: 95%

0.16898

Средний

6.5 Medium

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-q7r8-6fcq-p76p

CVSS3: 6.5

github

больше 3 лет назад

EPSS

Процентиль: 95%

0.16898

Средний

6.5 Medium

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89