Описание
eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort_by parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3. NOTE: this is different from CVE-2020-25034 and affects newer versions of the software.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:a:fireeye:email_malware_protection_system:9.0.1.923211:*:*:*:*:*:*:*
cpe:2.3:h:fireeye:ex_3500:-:*:*:*:*:*:*:*
EPSS
Процентиль: 40%
0.0018
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-89
Связанные уязвимости
github
больше 3 лет назад
eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort_by parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3. NOTE: this is different from CVE-2020-25034 and affects newer versions of the software.
EPSS
Процентиль: 40%
0.0018
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-89