Search criteria
2 vulnerabilities found for Web Threat Detection by RSA
CVE-2018-1252 (GCVE-0-2018-1252)
Vulnerability from nvd – Published: 2018-06-05 12:00 – Updated: 2024-09-17 03:32
VLAI?
Title
RSA Web Threat Detection SQL Injection Vulnerability
Summary
RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applications. An authenticated malicious user with low privileges could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the tool's monitoring and user information by supplying specially crafted input data to the affected application.
Severity ?
No CVSS data available.
CWE
- SQL Injection Vulnerability
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| RSA | Web Threat Detection |
Affected:
unspecified , < 6.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041026",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041026"
},
{
"name": "104396",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104396"
},
{
"name": "20180531 DSA-2018-085: RSA Web Threat Detection SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Jun/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Web Threat Detection",
"vendor": "RSA",
"versions": [
{
"lessThan": "6.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applications. An authenticated malicious user with low privileges could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the tool\u0027s monitoring and user information by supplying specially crafted input data to the affected application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection\tVulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-07T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1041026",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041026"
},
{
"name": "104396",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104396"
},
{
"name": "20180531 DSA-2018-085: RSA Web Threat Detection SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Jun/4"
}
],
"source": {
"advisory": "DSA-2018-085",
"discovery": "UNKNOWN"
},
"title": "RSA Web Threat Detection SQL Injection Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-05-31T04:00:00.000Z",
"ID": "CVE-2018-1252",
"STATE": "PUBLIC",
"TITLE": "RSA Web Threat Detection SQL Injection Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Web Threat Detection",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "6.4"
}
]
}
}
]
},
"vendor_name": "RSA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applications. An authenticated malicious user with low privileges could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the tool\u0027s monitoring and user information by supplying specially crafted input data to the affected application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection\tVulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041026",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041026"
},
{
"name": "104396",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104396"
},
{
"name": "20180531 DSA-2018-085: RSA Web Threat Detection SQL Injection Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Jun/4"
}
]
},
"source": {
"advisory": "DSA-2018-085",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-1252",
"datePublished": "2018-06-05T12:00:00Z",
"dateReserved": "2017-12-06T00:00:00",
"dateUpdated": "2024-09-17T03:32:36.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1252 (GCVE-0-2018-1252)
Vulnerability from cvelistv5 – Published: 2018-06-05 12:00 – Updated: 2024-09-17 03:32
VLAI?
Title
RSA Web Threat Detection SQL Injection Vulnerability
Summary
RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applications. An authenticated malicious user with low privileges could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the tool's monitoring and user information by supplying specially crafted input data to the affected application.
Severity ?
No CVSS data available.
CWE
- SQL Injection Vulnerability
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| RSA | Web Threat Detection |
Affected:
unspecified , < 6.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041026",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041026"
},
{
"name": "104396",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104396"
},
{
"name": "20180531 DSA-2018-085: RSA Web Threat Detection SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Jun/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Web Threat Detection",
"vendor": "RSA",
"versions": [
{
"lessThan": "6.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applications. An authenticated malicious user with low privileges could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the tool\u0027s monitoring and user information by supplying specially crafted input data to the affected application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection\tVulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-07T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1041026",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041026"
},
{
"name": "104396",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104396"
},
{
"name": "20180531 DSA-2018-085: RSA Web Threat Detection SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Jun/4"
}
],
"source": {
"advisory": "DSA-2018-085",
"discovery": "UNKNOWN"
},
"title": "RSA Web Threat Detection SQL Injection Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-05-31T04:00:00.000Z",
"ID": "CVE-2018-1252",
"STATE": "PUBLIC",
"TITLE": "RSA Web Threat Detection SQL Injection Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Web Threat Detection",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "6.4"
}
]
}
}
]
},
"vendor_name": "RSA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applications. An authenticated malicious user with low privileges could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the tool\u0027s monitoring and user information by supplying specially crafted input data to the affected application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection\tVulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041026",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041026"
},
{
"name": "104396",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104396"
},
{
"name": "20180531 DSA-2018-085: RSA Web Threat Detection SQL Injection Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Jun/4"
}
]
},
"source": {
"advisory": "DSA-2018-085",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-1252",
"datePublished": "2018-06-05T12:00:00Z",
"dateReserved": "2017-12-06T00:00:00",
"dateUpdated": "2024-09-17T03:32:36.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}