Lucene search

K

[email protected]NVD:CVE-2014-4977

HistoryJul 16, 2014 - 2:19 p.m.

CVE-2014-4977

2014-07-1614:19:04

CWE-89

[email protected]

web.nvd.nist.gov

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.959 High

EPSS

Percentile

99.5%

Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php.

Affected configurations

NVD

Node

sonicwallscrutinizerMatch11.0.1

References

packetstormsecurity.com/files/127429/Dell-Sonicwall-Scrutinizer-11.01-Code-Execution-SQL-Injection.html

packetstormsecurity.com/files/137098/Dell-SonicWALL-Scrutinizer-11.01-methodDetail-SQL-Injection.html

seclists.org/fulldisclosure/2014/Jul/44

www.securityfocus.com/bid/68495

exchange.xforce.ibmcloud.com/vulnerabilities/94439

gist.github.com/brandonprry/36b4b8df1cde279a9305

gist.github.com/brandonprry/76741d9a0d4f518fe297

www.exploit-db.com/exploits/39836/

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.959 High

EPSS

Percentile

99.5%

Related for NVD:CVE-2014-4977

prion1 cve1 checkpoint_advisories1 zdt1 packetstorm1 cvelist1