Lucene search
HistoryJul 26, 2014 - 11:11 a.m.
CVE-2014-4858
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.7
Confidence
Low
EPSS
0.001
Percentile
46.5%
Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCentre Crew products 2010.2.12.20008 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field.
Affected configurations
Node
sabreairlinesolutionscrew_managementRange≤2010.2.12.20008
ORsabreairlinesolutionscrew_operationsRange≤2010.2.12.20008
ORsabreairlinesolutionscrew_planningRange≤2010.2.12.20008
ORsabreairlinesolutionscrew_servicesRange≤2010.2.12.20008
ORsabreairlinesolutionscrew_trainingRange≤2010.2.12.20008
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sabreairlinesolutions | crew_management | * | cpe:2.3:a:sabreairlinesolutions:crew_management:*:*:*:*:*:*:*:* |
| sabreairlinesolutions | crew_operations | * | cpe:2.3:a:sabreairlinesolutions:crew_operations:*:*:*:*:*:*:*:* |
| sabreairlinesolutions | crew_planning | * | cpe:2.3:a:sabreairlinesolutions:crew_planning:*:*:*:*:*:*:*:* |
| sabreairlinesolutions | crew_services | * | cpe:2.3:a:sabreairlinesolutions:crew_services:*:*:*:*:*:*:*:* |
| sabreairlinesolutions | crew_training | * | cpe:2.3:a:sabreairlinesolutions:crew_training:*:*:*:*:*:*:*:* |
Related
prion
prion
Sql injection
2014-07-26 11:11:00
cve
cve
CVE-2014-4858
2014-07-26 11:11:57
cert
cert
Sabre AirCentre Crew solutions contain a SQL injection vulnerability
2014-07-25 00:00:00
cvelist
cvelist
CVE-2014-4858
2014-07-26 10:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.7
Confidence
Low
EPSS
0.001
Percentile
46.5%
Related for NVD:CVE-2014-4858