Dr. Benjamin Hess

Researcher from SySS GmbH
#19948 of 53,779
13 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2021-18007
6.5
2021-04-01
Emps · Emps · CVE-2021-28969
Name of the Vulnerable Software and Affected Versions: eMPS versions prior to 9.0.3
Description: The issue allows remote authenticated users to conduct SQL injection attacks via the `sort by` parameter to the email search feature.
Recommendations: For versions prior to 9.0.3, update to version 9.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the email search feature until the update is applied. Avoid using the `sort by` parameter in the affected feature until the issue is resolved.
PT-2021-18008
6.5
2021-04-01
Fireeye · Fireeye Ex 3500 Emps · CVE-2021-28970
Name of the Vulnerable Software and Affected Versions: FireEye EX 3500 eMPS versions 9.0.1.923211 through 9.0.2
Description: The issue allows remote authenticated users to conduct SQL injection attacks via the `job id` parameter to the "email search feature". According to the vendor, the issue is fixed in version 9.0.3.
Recommendations: For versions 9.0.1.923211 through 9.0.2, update to version 9.0.3 to resolve the issue. As a temporary workaround, consider restricting access to the email search feature until the update is applied. Avoid using the `job id` parameter in the affected feature until the issue is resolved.