Lucene search

CertccCVE-2014-4858

HistoryJul 26, 2014 - 11:11 a.m.

CVE-2014-4858

2014-07-2611:11:57

CWE-89

certcc

web.nvd.nist.gov

cve-2014-4858

sql injection

cwplogin.aspx

sabre aircentre crew

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.9

Confidence

Low

EPSS

0.001

Percentile

46.5%

JSON

Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCentre Crew products 2010.2.12.20008 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field.

Affected configurations

Nvd

Node

sabreairlinesolutionscrew_managementRange≤2010.2.12.20008

sabreairlinesolutionscrew_operationsRange≤2010.2.12.20008

sabreairlinesolutionscrew_planningRange≤2010.2.12.20008

sabreairlinesolutionscrew_servicesRange≤2010.2.12.20008

sabreairlinesolutionscrew_trainingRange≤2010.2.12.20008

VendorProductVersionCPE
sabreairlinesolutionscrew_management*cpe:2.3:a:sabreairlinesolutions:crew_management:*:*:*:*:*:*:*:*
sabreairlinesolutionscrew_operations*cpe:2.3:a:sabreairlinesolutions:crew_operations:*:*:*:*:*:*:*:*
sabreairlinesolutionscrew_planning*cpe:2.3:a:sabreairlinesolutions:crew_planning:*:*:*:*:*:*:*:*
sabreairlinesolutionscrew_services*cpe:2.3:a:sabreairlinesolutions:crew_services:*:*:*:*:*:*:*:*
sabreairlinesolutionscrew_training*cpe:2.3:a:sabreairlinesolutions:crew_training:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sabreairlinesolutions	crew_management	*	cpe:2.3:a:sabreairlinesolutions:crew_management::::::::
sabreairlinesolutions	crew_operations	*	cpe:2.3:a:sabreairlinesolutions:crew_operations::::::::
sabreairlinesolutions	crew_planning	*	cpe:2.3:a:sabreairlinesolutions:crew_planning::::::::
sabreairlinesolutions	crew_services	*	cpe:2.3:a:sabreairlinesolutions:crew_services::::::::
sabreairlinesolutions	crew_training	*	cpe:2.3:a:sabreairlinesolutions:crew_training::::::::

References

www.kb.cert.org/vuls/id/394540

www.securityfocus.com/bid/68899

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.9

Confidence

Low

EPSS

0.001

Percentile

46.5%

JSON

Related for CVE-2014-4858