PT-2015-1377 · Ibm · Ibm Security Siteprotector System

Publicado

2015-05-25

·

Atualizado

2015-05-26

·

CVE-2015-0161

CVSS v2.0

6.5

Média

VetorAV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions IBM Security SiteProtector System versions 3.0 before 3.0.0.7 IBM Security SiteProtector System versions 3.1 before 3.1.0.4 IBM Security SiteProtector System versions 3.1.1 before 3.1.1.2
Description The issue is related to a lack of protection in the SQL query structure, allowing remote authenticated users to execute arbitrary SQL commands. This can be exploited by a remote attacker to execute unauthorized SQL commands.
Recommendations For IBM Security SiteProtector System versions 3.0 before 3.0.0.7, update to version 3.0.0.7 or later. For IBM Security SiteProtector System versions 3.1 before 3.1.0.4, update to version 3.1.0.4 or later. For IBM Security SiteProtector System versions 3.1.1 before 3.1.1.2, update to version 3.1.1.2 or later.

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

BDU:2015-10470
CVE-2015-0161

Produtos afetados

Ibm Security Siteprotector System