Lucene search
Japan Vulnerability NotesJVN:19011483HistoryJul 15, 2015 - 12:00 a.m.
JVN#19011483: Thetis vulnerable to SQL injection
2015-07-1500:00:00
Japan Vulnerability Notes
jvn.jp
19
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.006
Percentile
78.7%
Thetis provided by Sysphonic Co., Ltd. is an open source groupware and SNS. Thetis contains a SQL injection (CWE-89) vulnerability.
Impact
An attacker may obtain or alter information stored in the database.
Solution
Apply an Update
Apply the update according to the information provided by the provider.
Products Affected
- Thetis ver.2.2.0 and earlier
Related
cvelist
cvelist
CVE-2015-2972
2015-07-19 15:00:00
nvd
nvd
CVE-2015-2972
2015-07-19 15:59:00
prion
prion
Sql injection
2015-07-19 15:59:00
cve
cve
CVE-2015-2972
2015-07-19 15:59:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.006
Percentile
78.7%
Related for JVN:19011483