Lucene search

MitreCVE-2007-2230

HistoryApr 25, 2007 - 3:19 p.m.

CVE-2007-2230

2007-04-2515:19:00

CWE-89

mitre

web.nvd.nist.gov

cve-2007-2230

sql injection

ca clever path portal

remote

authenticated

database contents

security vulnerability

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.011

Percentile

84.8%

JSON

SQL injection vulnerability in CA Clever Path Portal allows remote authenticated users to execute limited SQL commands and retrieve arbitrary database contents via (1) the ofinterest parameter in a light search query, (2) description parameter in the advanced search query, and possibly other vectors.

Affected configurations

Nvd

Node

broadcomcleverpath_portal

VendorProductVersionCPE
broadcomcleverpath_portal*cpe:2.3:a:broadcom:cleverpath_portal:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
broadcom	cleverpath_portal	*	cpe:2.3:a:broadcom:cleverpath_portal::::::::

References

ftp://ftp.ca.com/pub/portal/4.71/4.71.001_188_070329/readme_4.71.001_188_070329.txt

archives.neohapsis.com/archives/fulldisclosure/2007-04/0648.html

secunia.com/advisories/25002

supportconnectw.ca.com/public/cp/portal/infodocs/portal-secnot.asp

www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=136879

www.hacktics.com/AdvCleverPathApr07.html

www.osvdb.org/34128

www.securityfocus.com/archive/1/466760/100/0/threaded

www.securityfocus.com/bid/23671

www.securitytracker.com/id?1017970

www.vupen.com/english/advisories/2007/1544

exchange.xforce.ibmcloud.com/vulnerabilities/33853

Social References

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.011

Percentile

84.8%

JSON

Related for CVE-2007-2230