| |
Vulnerability CVE-2014-4013
Published: 2014-07-14
Description: |
SQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
Type:
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))
CVSS2 => (AV:A/AC:M/Au:S/C:P/I:P/A:P)
CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
4.9/10 |
6.4/10 |
4.4/10 |
Exploit range |
Attack complexity |
Authentication |
Adjacent network |
Medium |
Single time |
Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
http://www.arubanetworks.com/support/alerts/aid-07032014.txt
http://secunia.com/advisories/58936
|
|
|
Copyright 2024, cxsecurity.com
|
|
|