SQL Injection in RSA Web Threat Detection by EMC
CVE-2014-4627

8.8HIGH

Key Information:

Vendor

Rsa
Status
Web Threat Detection
Vendor
CVE Published:
7 November 2014

What is CVE-2014-4627?

A SQL injection vulnerability exists in EMC's RSA Web Threat Detection software, particularly affecting versions prior to 4.6.1.1. This vulnerability allows remote authenticated users to execute arbitrary SQL commands, which could potentially lead to unauthorized access to sensitive data or manipulation of database information through undefined vectors. Such a flaw highlights significant security concerns in web applications, necessitating prompt updates and rigorous security practices.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/98523
vdb-entryx_refsource_XF
http://archives.neohapsis.com/archives/bugtraq/2014-11/00...
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/70955
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.