Lucene search

[email protected]CVE-2013-7092

HistoryDec 13, 2013 - 6:07 p.m.

CVE-2013-7092

2013-12-1318:07:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2013-7092

sql injection

mcafee email gateway

security vulnerabilities

8.2 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.7%

JSON

Multiple SQL injection vulnerabilities in /admin/cgi-bin/rpc/doReport/18 in McAfee Email Gateway 7.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) events_col, (2) event_id, (3) reason, (4) events_order, (5) emailstatus_order, or (6) emailstatus_col JSON keys.

CPENameOperatorVersion
mcafee:email_gatewaymcafee email gatewayeq7.6

CPE	Name	Operator	Version
mcafee:email_gateway	mcafee email gateway	eq	7.6

References

osvdb.org/100582

packetstormsecurity.com/files/124277/McAfee-Email-Gateway-7.6-Command-Execution-SQL-Injection.html

seclists.org/fulldisclosure/2013/Dec/18

www.securityfocus.com/bid/64150

exchange.xforce.ibmcloud.com/vulnerabilities/90161

8.2 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.7%

JSON

Related for CVE-2013-7092

prion3 seebug2 cvelist3 cve2 nessus1 openvas1