AI Score: 8.3 High (Confidence: Low)
CVSS2: 6.5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS: 0.001 Low (Percentile: 49.5%)
Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the (1) severity, (2) state, (3) filter, (4) offset, and (5) count parameters.
CPE | Name | Operator | Version |
---|---|---|---|
zenoss:zenoss | zenoss | le | 2.4.5 |
zenoss:zenoss | zenoss | eq | 2.3.0 |
zenoss:zenoss | zenoss | eq | 2.3.3 |
zenoss:zenoss | zenoss | eq | 2.4.0 |
zenoss:zenoss | zenoss | eq | 2.4.2 |
dev.zenoss.org/trac/changeset/15257
osvdb.org/61804
secunia.com/advisories/38195
www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-001-zenoss-getjsoneventsinfo-sql-injection/
www.securityfocus.com/bid/37802
www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html
exchange.xforce.ibmcloud.com/vulnerabilities/55670