Lucene search

K
cve[email protected]CVE-2015-5452
HistoryJul 08, 2015 - 3:59 p.m.

CVE-2015-5452

2015-07-0815:59:04
CWE-89
web.nvd.nist.gov
19
cve-2015-5452
sql injection
watchguard xcs
remote attack
arbitrary sql commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.054 Low

EPSS

Percentile

93.2%

SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost/imp/compose.php3.

Affected configurations

NVD
Node
watchguardxcsMatch9.2
OR
watchguardxcsMatch10.0

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.054 Low

EPSS

Percentile

93.2%

Related for CVE-2015-5452