SQL Injection Vulnerability in Unisys ePortal Manager
CVE-2018-8802

8.1HIGH

Key Information:

Vendor: Unisys
Status: Clearpath Eportal Manager
Vendor: CVE Published:; 26 March 2018

What is CVE-2018-8802?

The ePortal Manager by Unisys contains a SQL injection vulnerability in its management interface, which can be exploited by remote attackers. This flaw allows attackers to send specially crafted SQL commands through unspecified parameters, potentially compromising the database and allowing unauthorized access to sensitive information. Users are advised to apply security measures and stay updated with the latest patches to mitigate risks associated with this vulnerability.

References

https://public.support.unisys.com/common/public/vulnerabi...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2018
Vulnerability Reserved
Mar 19, 2018

CVE-2018-8802 Data

JSON