Описание
Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.
Ссылки
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 14.3 (включая)
Одно из
cpe:2.3:a:broadcom:project_portfolio_management:*:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:project_portfolio_management:14.4:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:project_portfolio_management:15.1:*:*:*:*:*:*:*
cpe:2.3:a:ca:project_portfolio_management:15.2:cp5:*:*:*:*:*:*
cpe:2.3:a:ca:project_portfolio_management:15.3:cp2:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00706
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.
EPSS
Процентиль: 72%
0.00706
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89