Lucene search
PRIOn knowledge basePRION:CVE-2018-12464HistoryJun 29, 2018 - 4:29 p.m.
Sql injection
2018-06-2916:29:00
PRIOn knowledge base
www.prio-n.com
5
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5).
| CPE | Name | Operator | Version |
|---|---|---|---|
| secure_messaging_gateway | lt | 471 |
Related
packetstorm
packetstorm
MicroFocus Secure Messaging Gateway Remote Code Execution
2018-07-31 00:00:00
nvd
nvd
CVE-2018-12465
2018-06-29 16:29:00
CVE-2018-12464
2018-06-29 16:29:00
cve
cve
CVE-2018-12464
2018-06-29 16:29:00
CVE-2018-12465
2018-06-29 16:29:00
prion
prion
Command injection
2018-06-29 16:29:00
cvelist
cvelist
zdt
zdt
MicroFocus Secure Messaging Gateway Remote Code Execution Exploit
2018-07-31 00:00:00
checkpoint_advisories
checkpoint_advisories
Micro Focus Secure Messaging Gateway SQL Injection (CVE-2018-12464)
2018-11-28 00:00:00