Lucene search
HistoryDec 02, 2014 - 4:59 p.m.
CVE-2014-8728
cve-2014-8728
sql injection
subex roc
fraud management system
fms
nvd
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.7 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
49.1%
SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ranger_user[name] parameter.
Affected configurations
Node
subexroc_fraud_management_systemRange≤7.4
| CPE | Name | Operator | Version |
|---|---|---|---|
| subex:roc_fraud_management_system | subex roc fraud management system | le | 7.4 |
References
Related
cvelist
cvelist
CVE-2014-8728
2014-12-02 16:00:00
prion
prion
Sql injection
2014-12-02 16:59:00
nvd
nvd
CVE-2014-8728
2014-12-02 16:59:00
exploitpack
exploitpack
Subex Fms 7.4 - SQL Injection
2014-11-11 00:00:00
exploitdb
exploitdb
Subex Fms 7.4 - SQL Injection
2014-11-11 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.7 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
49.1%
Related for CVE-2014-8728