Lucene search

[email protected]CVE-2004-1608

HistoryOct 18, 2004 - 4:00 a.m.

CVE-2004-1608

2004-10-1804:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sql injection

saleslogix 6.1

remote attackers

nvd

9.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.027 Low

EPSS

Percentile

90.3%

JSON

SQL injection vulnerability in SalesLogix 6.1 allows remote attackers to execute arbitrary SQL statements via the id parameter in a view operation.

CPENameOperatorVersion
saleslogix_corporation:saleslogixsaleslogix corporation saleslogixeq2000.0
best_software:saleslogixbest software saleslogixeq*

CPE	Name	Operator	Version
saleslogix_corporation:saleslogix	saleslogix corporation saleslogix	eq	2000.0
best_software:saleslogix	best software saleslogix	eq	*

References

archives.neohapsis.com/archives/fulldisclosure/2004-10/0661.html

marc.info/?l=bugtraq&m=109811852218478&w=2

secunia.com/advisories/12883

securitytracker.com/id?1011769

www.osvdb.org/10945

www.securityfocus.com/bid/11450

exchange.xforce.ibmcloud.com/vulnerabilities/17752

9.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.027 Low

EPSS

Percentile

90.3%

JSON