Lucene search

[email protected]CVE-2012-4951

HistoryNov 15, 2012 - 11:58 a.m.

CVE-2012-4951

2012-11-1511:58:40

CWE-89

[email protected]

web.nvd.nist.gov

verifone

vericentre

web console

sql injection

cve-2012-4951

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.5%

JSON

Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalId, (2) ModelName, or (3) ApplicationName parameter.

Affected configurations

NVD

Node

verifonevericentre_web_consoleRange≤2.2

verifonevericentre_web_consoleMatch2.0

verifonevericentre_web_consoleMatch2.0.1

CPENameOperatorVersion
verifone:vericentre_web_consoleverifone vericentre web consolele2.2
verifone:vericentre_web_consoleverifone vericentre web consoleeq2.0
verifone:vericentre_web_consoleverifone vericentre web consoleeq2.0.1

CPE	Name	Operator	Version
verifone:vericentre_web_console	verifone vericentre web console	le	2.2
verifone:vericentre_web_console	verifone vericentre web console	eq	2.0
verifone:vericentre_web_console	verifone vericentre web console	eq	2.0.1

References

www.clearskies.net/documents/css-advisory-css1211-vericentre.pdf

www.kb.cert.org/vuls/id/180091

www.securityfocus.com/bid/56409

exchange.xforce.ibmcloud.com/vulnerabilities/79832

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.5%

JSON

Related for CVE-2012-4951

nvd1 cert1 cvelist1 prion1