PT-2014-8885 · Greenbone Networks · Openvas Manager

Published

2014-12-03

Updated

2018-10-30

CVE-2014-9220

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions OpenVAS Manager versions prior to 4.0.6 OpenVAS Manager versions 5.x prior to 5.0.7

Description A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify schedule OMP command.

Recommendations For OpenVAS Manager versions prior to 4.0.6, update to version 4.0.6 or later. For OpenVAS Manager versions 5.x prior to 5.0.7, update to version 5.0.7 or later.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2014-9220

MGASA-2015-0001

Affected Products

Openvas Manager

PT-2014-8885 · Greenbone Networks · Openvas Manager

CVE-2014-9220

Weakness Enumeration

Related Identifiers

Affected Products

References · 10