PT-2015-1378 · Ibm · Ibm Security Siteprotector System

Publicado

2015-05-25

Atualizado

2015-05-26

CVE-2015-0169

CVSS v2.0

4.0

Média

Vetor

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions IBM Security SiteProtector System versions 3.0 before 3.0.0.7 IBM Security SiteProtector System versions 3.1 before 3.1.0.4 IBM Security SiteProtector System versions 3.1.1 before 3.1.1.2

Description The issue allows remote authenticated users to inject arguments via unspecified vectors. This is due to the system's failure to neutralize special elements, which can be exploited by a remote attacker to inject their own command arguments.

Recommendations For versions 3.0 before 3.0.0.7, update to version 3.0.0.7 or later. For versions 3.1 before 3.1.0.4, update to version 3.1.0.4 or later. For versions 3.1.1 before 3.1.1.2, update to version 3.1.1.2 or later.

Correção

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74

Identificadores relacionados

BDU:2015-10471

CVE-2015-0169

Produtos afetados

Ibm Security Siteprotector System

PT-2015-1378 · Ibm · Ibm Security Siteprotector System

CVE-2015-0169

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3