Metric | Value |
---|---|
CVSS2 | 7.5 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
EPSS | 0.009 Low |
EPSS Percentile | 82.7% |

Mercator SENTINEL contains an SQL injection vulnerability that could allow an attacker to bypass authentication and access the system with administrative privileges.
Mercator SENTINEL is a flight safety management system. The login form of the web interface contains an SQL injection vulnerability. Please see CERT-NPS:2011:005 for more information.
An attacker with network access to the SENTINEL web interface could access the system with administrative privileges.
Upgrade
Credible information indicates that this vulnerability is addressed in SENTINEL version 2.0.1.0.
Restrict access
Restrict access to the SENTINEL web interface to trusted users and networks.
122142
Notified: June 22, 2011 Updated: October 14, 2011
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
If you have feedback, comments, or additional information about this vulnerability, please send us email (subject: VU#122142 Feedback).
Group | Score | Vector |
---|---|---|
Base | 9.7 | AV:N/AC:L/Au:N/C:C/I:C/A:P |
Temporal | 7.9 | E:F/RL:W/RC:UC |
Environmental | 2.1 | CDP:LM/TD:L/CR:ND/IR:ND/AR:ND |
Thanks to CERT-NETPEAS for reporting this vulnerability. Thanks also to ICS-CERT and aeCERT for their assistance.
This document was written by Art Manion.
CVE IDs: | CVE-2011-1913 |
---|---|
Severity Metric: | 1.22 |
Date Public: | |
cert.netpeas.org/2011/06/cert-nps2011005-vulnerabilite-potentielle-dans-la-solution-de-gestion-de-la-securite-operationnelle-des-compagnies-aeriennes-%C2%AB-sentinel-safety-information-management-system-%C2%BB/
cert.netpeas.org/2011/06/cert-nps2011005-vulnerabilite-potentielle-dans-la-solution-de-gestion-de-la-securite-operationnelle-des-compagnies-aeriennes-suite/
cwe.mitre.org/data/definitions/89.html
www.mercator.com/customers/CustMap/customermap.html