Lucene search

K
cve[email protected]CVE-2018-0685
HistoryNov 15, 2018 - 3:29 p.m.

CVE-2018-0685

2018-11-1515:29:00
CWE-89
web.nvd.nist.gov
21
cve-2018-0685
sql injection
denbun pop
security vulnerability
remote attackers
mail search

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.3%

SQL injection vulnerability in the Denbun POP version V3.3P R4.0 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via HTTP requests for mail search.

Affected configurations

Vulners
NVD
Node
neojapan_inc.denbun_pop_version_v3.3p_r4.0_and_earlierRange3.3P4.0
CPENameOperatorVersion
neo:debun_popneo debun pople3.3p_r4.0

CNA Affected

[
  {
    "product": "Denbun POP version V3.3P R4.0 and earlier",
    "vendor": "NEOJAPAN Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "Denbun POP version V3.3P R4.0 and earlier"
      }
    ]
  }
]

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.3%

Related for CVE-2018-0685