CVE-2016-15021

A vulnerability was found in nickzren alsdb. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. Upgrading to version v2 is able to address this issue. The identifier of the patch is cbc79a68145e845f951113d184b4de207c341599. It is recommended to upgrade the affected component. The identifier VDB-218429 was assigned to this vulnerability.

CVSS v3 9.8 CRITICAL
CVSS v2.0 5.2 MEDIUM

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.2^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 5.1 / Impact : 6.4

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/nickzren/alsdb/commit/cbc79a68145e845f951113d184b4de207c341599	Patch Third Party Advisory
https://github.com/nickzren/alsdb/releases/tag/v2	Release Notes Third Party Advisory
https://vuldb.com/?ctiid.218429	Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.218429	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:columbia:als_data_browser:1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-01-17 16:15

Updated : 2024-05-17 01:08

NVD link : CVE-2016-15021

Mitre link : CVE-2016-15021

CVE.ORG link : CVE-2016-15021

JSON object : View

Products Affected

columbia

als_data_browser

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2016-15021", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 5.2, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 5.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.1}]}, "published": "2023-01-17T16:15:16.383", "references": [{"url": "https://github.com/nickzren/alsdb/commit/cbc79a68145e845f951113d184b4de207c341599", "tags": ["Patch", "Third Party Advisory"], "source": "cna@vuldb.com"}, {"url": "https://github.com/nickzren/alsdb/releases/tag/v2", "tags": ["Release Notes", "Third Party Advisory"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.218429", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.218429", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@vuldb.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in nickzren alsdb. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. Upgrading to version v2 is able to address this issue. The identifier of the patch is cbc79a68145e845f951113d184b4de207c341599. It is recommended to upgrade the affected component. The identifier VDB-218429 was assigned to this vulnerability."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en nickzren alsdb. Ha sido calificada como cr\u00edtica. Este problema afecta alg\u00fan procesamiento desconocido. La manipulaci\u00f3n conduce a la inyecci\u00f3n SQL. La actualizaci\u00f3n a la versi\u00f3n v2 puede solucionar este problema. El identificador del parche es cbc79a68145e845f951113d184b4de207c341599. Se recomienda actualizar el componente afectado. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-218429."}], "lastModified": "2024-05-17T01:08:09.830", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:columbia:als_data_browser:1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DED66A0-FB6C-41C9-BD33-C03C3B6593A4"}], "operator": "OR"}]}], "sourceIdentifier": "cna@vuldb.com"}