CVE-2018-18286

Sažetak

SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the changepwd interface. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.

Reference

https://www.mitel.com/-/media/mitel/pdf/security-advisories/security-bulletin-19-0003-001.pdf
https://www.mitel.com/en-gb/support/security-advisories/mitel-product-security-adivsory-19-0003-001

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

26-04-2019 - 18:41

Objavljeno

25-04-2019 - 19:29