CVE-2014-8728

Name of the Vulnerable Software and Affected Versions Subex ROC Fraud Management versions 7.4 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands via the ranger user[name] parameter in the login page, specifically the "login/login" endpoint.

Recommendations For Subex ROC Fraud Management versions 7.4 and earlier, update to a version later than 7.4 to resolve the issue. As a temporary workaround, consider restricting access to the "login/login" endpoint to minimize the risk of exploitation. Avoid using the ranger user[name] parameter in the affected login page until the issue is resolved.