3 matches found
CVE-2021-28970
CVE-2021-28970 concerns eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices. The vulnerability allows a remote authenticated user to perform a SQL injection through the job_id parameter in the email search feature. The underlying impact reported includes partial confidentiality...
CVE-2021-28969
CVE-2021-28969 affects FireEye eMPS 9.0.1.923211 on EX 3500 devices, where remote authenticated users can perform SQL injection through the sort_by parameter in the email search feature. The issue is addressed in version 9.0.3 per the vendor. Connected documents corroborate the vulnerability in e...
CVE-2020-25034
CVE-2020-25034 affects eMPS prior to 9.0 on FireEye EX 3500 devices. The issue allows remote authenticated users to perform SQL injection via the email search feature’s parameters (sort, sort_by, search{URL], search[attachment]). The underlying root cause is unsafely constructed SQL in the email ...