Lucene search

[email protected]CVE-2014-4977

HistoryJul 16, 2014 - 2:19 p.m.

CVE-2014-4977

2014-07-1614:19:04

CWE-89

[email protected]

web.nvd.nist.gov

cve

sql injection

dell sonicwall

scrutinizer 11.0.1

remote authenticated users

nvd

8.2 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.959 High

EPSS

Percentile

99.5%

JSON

Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php.

Affected configurations

NVD

Node

sonicwallscrutinizerMatch11.0.1

CPENameOperatorVersion
sonicwall:scrutinizersonicwall scrutinizereq11.0.1

CPE	Name	Operator	Version
sonicwall:scrutinizer	sonicwall scrutinizer	eq	11.0.1

References

packetstormsecurity.com/files/127429/Dell-Sonicwall-Scrutinizer-11.01-Code-Execution-SQL-Injection.html

packetstormsecurity.com/files/137098/Dell-SonicWALL-Scrutinizer-11.01-methodDetail-SQL-Injection.html

seclists.org/fulldisclosure/2014/Jul/44

www.securityfocus.com/bid/68495

exchange.xforce.ibmcloud.com/vulnerabilities/94439

gist.github.com/brandonprry/36b4b8df1cde279a9305

gist.github.com/brandonprry/76741d9a0d4f518fe297

www.exploit-db.com/exploits/39836/

8.2 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.959 High

EPSS

Percentile

99.5%

JSON

Related for CVE-2014-4977

prion1 packetstorm1 zdt1 cvelist1 checkpoint_advisories1 nvd1