Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:61792
HistoryMar 14, 2014 - 12:00 a.m.

McAfee Email Gateway/McAfee Email and Web Security Appliance SQL注入漏洞

2014-03-1400:00:00
Root
www.seebug.org
15

0.004 Low

EPSS

Percentile

75.0%

JSON

CVE ID:CVE-2013-7092

McAfee Email Gateway之前名为IronMail,是企业级的硬件邮件网关和管理平台。

由于通过"events_col", "event_id", "reason", "events_order", "emailstatus_order"和"emailstatus_col" JSON keys传递到/admin/cgi-bin/rpc/doReport/18的输入在被用于SQL查询前没有正确过滤,攻击者可以利用漏洞通过注入任意SQL代码操纵SQL查询。
0
McAfee Email and Web Security Appliance 5.x
McAfee Email Gateway 7.x
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

https://kc.mcafee.com/corporate/index?page=content&id=SB10064

Related

seebug 1
prion 3
cvelist 3
nvd 3
cve 3
nessus 1
openvas 1
seebug
seebug
McAfee Email Gateway/McAfee Email和Web Security Appliance多个SQL注入漏洞
2014-03-18 00:00:00
prion
prion
Sql injection
2013-12-13 18:07:00
Command injection
2013-12-14 17:21:00
Command injection
2013-12-14 17:21:00
cvelist
cvelist
CVE-2013-7092
2013-12-13 18:00:00
CVE-2013-7103
2013-12-14 17:00:00
CVE-2013-7104
2013-12-14 17:00:00
nvd
nvd
CVE-2013-7092
2013-12-13 18:07:54
CVE-2013-7103
2013-12-14 17:21:47
CVE-2013-7104
2013-12-14 17:21:47
cve
cve
CVE-2013-7092
2013-12-13 18:07:54
CVE-2013-7103
2013-12-14 17:21:47
CVE-2013-7104
2013-12-14 17:21:47
nessus
nessus
McAfee Email Gateway Multiple Vulnerabilities (SB10064)
2014-03-27 00:00:00
openvas
openvas
McAfee Email Gateway Multiple Vulnerabilities
2016-07-14 00:00:00

0.004 Low

EPSS

Percentile

75.0%

JSON
Related for SSV:61792
seebug1prion3cvelist3nvd3cve3nessus1openvas1