Lucene search

[email protected]CVE-2010-0712

HistoryFeb 26, 2010 - 5:30 p.m.

CVE-2010-0712

2010-02-2617:30:01

CWE-89

[email protected]

web.nvd.nist.gov

cve-2010-0712

sql injection

zenoss

remote authenticated

nvd

vulnerabilities

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

49.8%

JSON

Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the (1) severity, (2) state, (3) filter, (4) offset, and (5) count parameters.

Affected configurations

NVD

Node

zenosszenossRange≤2.4.5

zenosszenossMatch2.3.0

zenosszenossMatch2.3.3

zenosszenossMatch2.4.0

zenosszenossMatch2.4.2

CPENameOperatorVersion
zenoss:zenosszenossle2.4.5
zenoss:zenosszenosseq2.3.0
zenoss:zenosszenosseq2.3.3
zenoss:zenosszenosseq2.4.0
zenoss:zenosszenosseq2.4.2

CPE	Name	Operator	Version
zenoss:zenoss	zenoss	le	2.4.5
zenoss:zenoss	zenoss	eq	2.3.0
zenoss:zenoss	zenoss	eq	2.3.3
zenoss:zenoss	zenoss	eq	2.4.0
zenoss:zenoss	zenoss	eq	2.4.2

References

dev.zenoss.org/trac/changeset/15257

osvdb.org/61804

secunia.com/advisories/38195

www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-001-zenoss-getjsoneventsinfo-sql-injection/

www.securityfocus.com/bid/37802

www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html

exchange.xforce.ibmcloud.com/vulnerabilities/55670

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

49.8%

JSON

Related for CVE-2010-0712

prion1 nvd1 cvelist1 openvas2