CVE-2012-2684

Sažetak

Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to execute arbitrary SQL commands via the (1) agent or (2) object id.

Reference

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830245
http://rhn.redhat.com/errata/RHSA-2012-1281.html
http://rhn.redhat.com/errata/RHSA-2012-1278.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html
http://www.securityfocus.com/bid/55618
http://secunia.com/advisories/50660

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

15-07-2021 - 19:16

Objavljeno

28-09-2012 - 17:55