CVE-2017-11508

Name of the Vulnerable Software and Affected Versions SecurityCenter versions 5.5.0 through 5.5.2

Description The issue allows an authenticated user with sufficient privileges to potentially gain unauthorized access by exploiting a SQL Injection vulnerability. This can be done by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter.

Recommendations For SecurityCenter versions 5.5.0 through 5.5.2, consider restricting access to diagnostic scans until a fix is available. As a temporary workaround, avoid using the password field in diagnostic scans to minimize the risk of exploitation.