Lucene search

[email protected]CVE-2007-1882

HistoryApr 06, 2007 - 1:19 a.m.

CVE-2007-1882

2007-04-0601:19:00

[email protected]

web.nvd.nist.gov

cve-2007-1882

nvd

hp mercury quality center

sql injection

remote authentication

security vulnerability

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.034 Low

EPSS

Percentile

91.5%

JSON

qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury Quality Center 9.0 build 9.1.0.4352 allows remote authenticated users to execute arbitrary SQL commands via the RunQuery method.

Affected configurations

NVD

Node

hpmercury_quality_centerMatch9.0build_9.1.0.4352

CPENameOperatorVersion
hp:mercury_quality_centerhp mercury quality centereq9.0

CPE	Name	Operator	Version
hp:mercury_quality_center	hp mercury quality center	eq	9.0

References

lists.grok.org.uk/pipermail/full-disclosure/2007-April/053406.html

osvdb.org/34630

secunia.com/advisories/24730

securityreason.com/securityalert/2527

www.securitytracker.com/id?1017842

www.vupen.com/english/advisories/2007/1246

exchange.xforce.ibmcloud.com/vulnerabilities/33385

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.034 Low

EPSS

Percentile

91.5%

JSON

Related for CVE-2007-1882

cvelist1 prion1 nvd1 securityvulns1