CVE-2015-6004

{"id": "CVE-2015-6004", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2015-12-27T03:59:00.113", "references": [{"url": "http://twitter.com/ipswitch/statuses/677558623229317121", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/79506", "source": "cret@cert.org"}, {"url": "http://www.securitytracker.com/id/1034833", "source": "cret@cert.org"}, {"url": "https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems", "tags": ["Exploit"], "source": "cret@cert.org"}, {"url": "https://www.kb.cert.org/vuls/id/176160", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en IPSwitch WhatsUp Gold en versiones anteriores a la 16.4 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro (1) UniqueID (tambi\u00e9n conocido como sUniqueID) en WrFreeFormText.asp en el componente Reports o (2) Find Device."}], "lastModified": "2016-12-06T03:03:05.087", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ipswitch:whatsup_gold:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33D94C28-430E-40D1-91D4-D9B5FD6989D2", "versionEndIncluding": "16.3"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}