Virtual Access Monitor SQL Injection

2013-04-03 / 2013-05-17

Credit: NCC Group Research

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2013-3533

CWE: CWE-89

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

High Risk Vulnerability in Virtual Access Monitor

2 April 2013

Ken Wolstencroft of NCC Group has discovered a High risk vulnerability in Virtual Access Monitor 

Impact: Multiple SQL Injection Vulnerabilities

Versions affected: Virtual Access Monitor 3.10.17 (and previous)

Details of the most recent version of the product can be found at the following URL:
http://www.virtualaccess.com/customer-support.php

NCC Group is going to withhold details of this flaw for three months. This three month window will allow users the time needed to apply the patch before the details are released to the general public. This reflects the NCC Group approach to responsible disclosure.

NCC Group Research
http://www.nccgroup.com/research


For more information please visit <a href="http://www.mimecast.com">http://www.mimecast.com<br>
This email message has been delivered safely and archived online by Mimecast.
</a>

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Virtual Access Monitor SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.