CVE-2015-9249

Name of the Vulnerable Software and Affected Versions Skybox Platform versions prior to 7.5.201

Description An issue exists in the software, where SQL Injection is possible. This occurs via a soapenv:Body element in the /skyboxview/webservice/services/VersionWebService API endpoint.

Recommendations For versions prior to 7.5.201, update to version 7.5.201 or later to resolve the issue. As a temporary workaround, consider restricting access to the /skyboxview/webservice/services/VersionWebService API endpoint to minimize the risk of exploitation. Avoid using the soapenv:Body element in this endpoint until the issue is resolved.