Search criteria
25 vulnerabilities found for netmri by infoblox
CVE-2024-52874 (GCVE-0-2024-52874)
Vulnerability from nvd – Published: 2025-05-22 00:00 – Updated: 2025-05-23 15:54
VLAI?
Summary
In Infoblox NETMRI before 7.6.1, authenticated users can perform SQL injection attacks.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52874",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T15:37:37.230915Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T15:54:02.401Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Infoblox NETMRI before 7.6.1, authenticated users can perform SQL injection attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T17:18:23.698Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://support.infoblox.com/s/article/Infoblox-NetMRI-is-vulnerable-to-CVE-2024-52874"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-52874",
"datePublished": "2025-05-22T00:00:00.000Z",
"dateReserved": "2024-11-17T00:00:00.000Z",
"dateUpdated": "2025-05-23T15:54:02.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32815 (GCVE-0-2025-32815)
Vulnerability from nvd – Published: 2025-05-22 00:00 – Updated: 2025-05-22 15:13
VLAI?
Summary
An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur.
Severity ?
6.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-32815",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T14:47:22.100452Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T15:13:29.195Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T14:42:11.178Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://support.infoblox.com/s/article/Infoblox-NetMRI-is-vulnerable-to-CVE-2025-32815"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-32815",
"datePublished": "2025-05-22T00:00:00.000Z",
"dateReserved": "2025-04-11T00:00:00.000Z",
"dateUpdated": "2025-05-22T15:13:29.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32814 (GCVE-0-2025-32814)
Vulnerability from nvd – Published: 2025-05-22 00:00 – Updated: 2025-05-22 18:29
VLAI?
Summary
An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-32814",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T17:43:40.260350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T18:29:57.430Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T14:48:16.421Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://support.infoblox.com/s/article/Infoblox-NetMRI-is-vulnerable-to-CVE-2025-32814"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-32814",
"datePublished": "2025-05-22T00:00:00.000Z",
"dateReserved": "2025-04-11T00:00:00.000Z",
"dateUpdated": "2025-05-22T18:29:57.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32813 (GCVE-0-2025-32813)
Vulnerability from nvd – Published: 2025-05-22 00:00 – Updated: 2025-05-23 18:22
VLAI?
Summary
An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur.
Severity ?
7.2 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-32813",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T18:21:29.221650Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T18:22:10.030Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T14:34:55.689Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://support.infoblox.com/s/article/Infoblox-NetMRI-is-vulnerable-to-CVE-2025-32813"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-32813",
"datePublished": "2025-05-22T00:00:00.000Z",
"dateReserved": "2025-04-11T00:00:00.000Z",
"dateUpdated": "2025-05-23T18:22:10.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54188 (GCVE-0-2024-54188)
Vulnerability from nvd – Published: 2025-05-22 00:00 – Updated: 2025-05-23 18:26
VLAI?
Summary
Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote authenticated users to read arbitrary files with root access.
Severity ?
5.3 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-54188",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T18:23:56.836964Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T18:26:09.512Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote authenticated users to read arbitrary files with root access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T14:36:24.480Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://support.infoblox.com/s/article/Infoblox-NetMRI-is-vulnerable-to-CVE-2024-54188"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-54188",
"datePublished": "2025-05-22T00:00:00.000Z",
"dateReserved": "2024-12-01T00:00:00.000Z",
"dateUpdated": "2025-05-23T18:26:09.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6643 (GCVE-0-2018-6643)
Vulnerability from nvd – Published: 2018-08-28 19:00 – Updated: 2024-08-05 06:10
VLAI?
Summary
Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/undefinedmode/CVE-2018-6643"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-28T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/undefinedmode/CVE-2018-6643"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/undefinedmode/CVE-2018-6643",
"refsource": "MISC",
"url": "https://github.com/undefinedmode/CVE-2018-6643"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6643",
"datePublished": "2018-08-28T19:00:00",
"dateReserved": "2018-02-05T00:00:00",
"dateUpdated": "2024-08-05T06:10:11.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6484 (GCVE-0-2016-6484)
Vulnerability from nvd – Published: 2017-01-23 21:00 – Updated: 2024-08-06 01:29
VLAI?
Summary
CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:29:20.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/138615/Infoblox-7.0.1-CRLF-Injection-HTTP-Response-Splitting.html"
},
{
"name": "1036736",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036736"
},
{
"name": "20160906 [CVE-2016-6484] Infoblox Network Automation CRLF Injection/ HTTP splitting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/539366/100/0/threaded"
},
{
"name": "92794",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92794"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/138615/Infoblox-7.0.1-CRLF-Injection-HTTP-Response-Splitting.html"
},
{
"name": "1036736",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036736"
},
{
"name": "20160906 [CVE-2016-6484] Infoblox Network Automation CRLF Injection/ HTTP splitting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/539366/100/0/threaded"
},
{
"name": "92794",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92794"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/138615/Infoblox-7.0.1-CRLF-Injection-HTTP-Response-Splitting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/138615/Infoblox-7.0.1-CRLF-Injection-HTTP-Response-Splitting.html"
},
{
"name": "1036736",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036736"
},
{
"name": "20160906 [CVE-2016-6484] Infoblox Network Automation CRLF Injection/ HTTP splitting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539366/100/0/threaded"
},
{
"name": "92794",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92794"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6484",
"datePublished": "2017-01-23T21:00:00",
"dateReserved": "2016-07-27T00:00:00",
"dateUpdated": "2024-08-06T01:29:20.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2033 (GCVE-0-2015-2033)
Vulnerability from nvd – Published: 2015-02-20 11:00 – Updated: 2024-08-06 05:02
VLAI?
Summary
Anyterm Daemon in Infoblox Network Automation NetMRI before NETMRI-23483 allows remote attackers to execute arbitrary commands with root privileges via a crafted terminal/anyterm-module request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:42.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "73423",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73423"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://unsecurityresearch.com/index.php?option=com_content\u0026view=article\u0026id=46\u0026Itemid=53"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.infoblox.com/app/answers/detail/a_id/3666/kw/NETMRI-23483"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Anyterm Daemon in Infoblox Network Automation NetMRI before NETMRI-23483 allows remote attackers to execute arbitrary commands with root privileges via a crafted terminal/anyterm-module request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-28T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "73423",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73423"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://unsecurityresearch.com/index.php?option=com_content\u0026view=article\u0026id=46\u0026Itemid=53"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.infoblox.com/app/answers/detail/a_id/3666/kw/NETMRI-23483"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Anyterm Daemon in Infoblox Network Automation NetMRI before NETMRI-23483 allows remote attackers to execute arbitrary commands with root privileges via a crafted terminal/anyterm-module request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "73423",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73423"
},
{
"name": "http://unsecurityresearch.com/index.php?option=com_content\u0026view=article\u0026id=46\u0026Itemid=53",
"refsource": "MISC",
"url": "http://unsecurityresearch.com/index.php?option=com_content\u0026view=article\u0026id=46\u0026Itemid=53"
},
{
"name": "https://support.infoblox.com/app/answers/detail/a_id/3666/kw/NETMRI-23483",
"refsource": "MISC",
"url": "https://support.infoblox.com/app/answers/detail/a_id/3666/kw/NETMRI-23483"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2033",
"datePublished": "2015-02-20T11:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T05:02:42.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3419 (GCVE-0-2014-3419)
Vulnerability from nvd – Published: 2014-07-15 14:00 – Updated: 2024-08-06 10:43
VLAI?
Summary
Infoblox NetMRI before 6.8.5 has a default password of admin for the "root" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "68473",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68473"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127410/Infoblox-6.8.4.x-Weak-MySQL-Password.html"
},
{
"name": "20140709 Weak Local Database Credentials in Infoblox Network Automation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/532710/100/0/threaded"
},
{
"name": "1030542",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030542"
},
{
"name": "infoblox-cve20143419-default-account(94450)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94450"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/depthsecurity/NetMRI-2014-3418"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Infoblox NetMRI before 6.8.5 has a default password of admin for the \"root\" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "68473",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68473"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127410/Infoblox-6.8.4.x-Weak-MySQL-Password.html"
},
{
"name": "20140709 Weak Local Database Credentials in Infoblox Network Automation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/532710/100/0/threaded"
},
{
"name": "1030542",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030542"
},
{
"name": "infoblox-cve20143419-default-account(94450)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94450"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/depthsecurity/NetMRI-2014-3418"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Infoblox NetMRI before 6.8.5 has a default password of admin for the \"root\" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68473",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68473"
},
{
"name": "http://packetstormsecurity.com/files/127410/Infoblox-6.8.4.x-Weak-MySQL-Password.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127410/Infoblox-6.8.4.x-Weak-MySQL-Password.html"
},
{
"name": "20140709 Weak Local Database Credentials in Infoblox Network Automation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532710/100/0/threaded"
},
{
"name": "1030542",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030542"
},
{
"name": "infoblox-cve20143419-default-account(94450)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94450"
},
{
"name": "https://github.com/depthsecurity/NetMRI-2014-3418",
"refsource": "MISC",
"url": "https://github.com/depthsecurity/NetMRI-2014-3418"
},
{
"name": "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html",
"refsource": "MISC",
"url": "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3419",
"datePublished": "2014-07-15T14:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3418 (GCVE-0-2014-3418)
Vulnerability from nvd – Published: 2014-07-15 14:00 – Updated: 2024-08-06 10:43
VLAI?
Summary
config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "68471",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68471"
},
{
"name": "20140709 OS Command Injection Infoblox Network Automation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/532709/100/0/threaded"
},
{
"name": "20140709 CVE-2014-3418 - OS Command Injection Infoblox Network Automation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/35"
},
{
"name": "34030",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/34030"
},
{
"name": "infoblox-cve20143418-command-exec(94449)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94449"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/depthsecurity/NetMRI-2014-3418"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "68471",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68471"
},
{
"name": "20140709 OS Command Injection Infoblox Network Automation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/532709/100/0/threaded"
},
{
"name": "20140709 CVE-2014-3418 - OS Command Injection Infoblox Network Automation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/35"
},
{
"name": "34030",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/34030"
},
{
"name": "infoblox-cve20143418-command-exec(94449)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94449"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/depthsecurity/NetMRI-2014-3418"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68471"
},
{
"name": "20140709 OS Command Injection Infoblox Network Automation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532709/100/0/threaded"
},
{
"name": "20140709 CVE-2014-3418 - OS Command Injection Infoblox Network Automation",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/35"
},
{
"name": "34030",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/34030"
},
{
"name": "infoblox-cve20143418-command-exec(94449)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94449"
},
{
"name": "https://github.com/depthsecurity/NetMRI-2014-3418",
"refsource": "MISC",
"url": "https://github.com/depthsecurity/NetMRI-2014-3418"
},
{
"name": "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html",
"refsource": "MISC",
"url": "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3418",
"datePublished": "2014-07-15T14:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-5178 (GCVE-0-2011-5178)
Vulnerability from nvd – Published: 2012-09-20 10:00 – Updated: 2024-09-16 17:37
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in netmri/config/userAdmin/login.tdf in Infoblox NetMRI 6.0.2.42, 6.1.2, 6.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) eulaAccepted or (2) mode parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:30:46.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46854"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.infoblox.com/community/downloads/hotfix-v621-netmri-8831gpg"
},
{
"name": "20111110 [FOREGROUND SECURITY 2011-004] Infoblox NetMRI 6.2.1 Multiple Cross-Site Scripting (XSS) vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2011/Nov/158"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.infoblox.com/community/downloads/hotfix-v602-netmri-8831gpg"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://foregroundsecurity.com/secure-coding-and-security-qa/111-infoblox-netmri-621-612-and-60242-multiple-cross-site-scripting-xss"
},
{
"name": "1026319",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026319"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.infoblox.com/community/downloads/hotfix-v612-netmri-8831gpg"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in netmri/config/userAdmin/login.tdf in Infoblox NetMRI 6.0.2.42, 6.1.2, 6.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) eulaAccepted or (2) mode parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-20T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "46854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46854"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.infoblox.com/community/downloads/hotfix-v621-netmri-8831gpg"
},
{
"name": "20111110 [FOREGROUND SECURITY 2011-004] Infoblox NetMRI 6.2.1 Multiple Cross-Site Scripting (XSS) vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2011/Nov/158"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.infoblox.com/community/downloads/hotfix-v602-netmri-8831gpg"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://foregroundsecurity.com/secure-coding-and-security-qa/111-infoblox-netmri-621-612-and-60242-multiple-cross-site-scripting-xss"
},
{
"name": "1026319",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026319"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.infoblox.com/community/downloads/hotfix-v612-netmri-8831gpg"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in netmri/config/userAdmin/login.tdf in Infoblox NetMRI 6.0.2.42, 6.1.2, 6.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) eulaAccepted or (2) mode parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46854",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46854"
},
{
"name": "http://www.infoblox.com/community/downloads/hotfix-v621-netmri-8831gpg",
"refsource": "CONFIRM",
"url": "http://www.infoblox.com/community/downloads/hotfix-v621-netmri-8831gpg"
},
{
"name": "20111110 [FOREGROUND SECURITY 2011-004] Infoblox NetMRI 6.2.1 Multiple Cross-Site Scripting (XSS) vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2011/Nov/158"
},
{
"name": "http://www.infoblox.com/community/downloads/hotfix-v602-netmri-8831gpg",
"refsource": "CONFIRM",
"url": "http://www.infoblox.com/community/downloads/hotfix-v602-netmri-8831gpg"
},
{
"name": "http://foregroundsecurity.com/secure-coding-and-security-qa/111-infoblox-netmri-621-612-and-60242-multiple-cross-site-scripting-xss",
"refsource": "MISC",
"url": "http://foregroundsecurity.com/secure-coding-and-security-qa/111-infoblox-netmri-621-612-and-60242-multiple-cross-site-scripting-xss"
},
{
"name": "1026319",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026319"
},
{
"name": "http://www.infoblox.com/community/downloads/hotfix-v612-netmri-8831gpg",
"refsource": "CONFIRM",
"url": "http://www.infoblox.com/community/downloads/hotfix-v612-netmri-8831gpg"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5178",
"datePublished": "2012-09-20T10:00:00Z",
"dateReserved": "2012-09-19T00:00:00Z",
"dateUpdated": "2024-09-16T17:37:52.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54188 (GCVE-0-2024-54188)
Vulnerability from cvelistv5 – Published: 2025-05-22 00:00 – Updated: 2025-05-23 18:26
VLAI?
Summary
Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote authenticated users to read arbitrary files with root access.
Severity ?
5.3 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-54188",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T18:23:56.836964Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T18:26:09.512Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote authenticated users to read arbitrary files with root access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T14:36:24.480Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://support.infoblox.com/s/article/Infoblox-NetMRI-is-vulnerable-to-CVE-2024-54188"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-54188",
"datePublished": "2025-05-22T00:00:00.000Z",
"dateReserved": "2024-12-01T00:00:00.000Z",
"dateUpdated": "2025-05-23T18:26:09.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32813 (GCVE-0-2025-32813)
Vulnerability from cvelistv5 – Published: 2025-05-22 00:00 – Updated: 2025-05-23 18:22
VLAI?
Summary
An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur.
Severity ?
7.2 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-32813",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T18:21:29.221650Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T18:22:10.030Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T14:34:55.689Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://support.infoblox.com/s/article/Infoblox-NetMRI-is-vulnerable-to-CVE-2025-32813"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-32813",
"datePublished": "2025-05-22T00:00:00.000Z",
"dateReserved": "2025-04-11T00:00:00.000Z",
"dateUpdated": "2025-05-23T18:22:10.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52874 (GCVE-0-2024-52874)
Vulnerability from cvelistv5 – Published: 2025-05-22 00:00 – Updated: 2025-05-23 15:54
VLAI?
Summary
In Infoblox NETMRI before 7.6.1, authenticated users can perform SQL injection attacks.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52874",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T15:37:37.230915Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T15:54:02.401Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Infoblox NETMRI before 7.6.1, authenticated users can perform SQL injection attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T17:18:23.698Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://support.infoblox.com/s/article/Infoblox-NetMRI-is-vulnerable-to-CVE-2024-52874"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-52874",
"datePublished": "2025-05-22T00:00:00.000Z",
"dateReserved": "2024-11-17T00:00:00.000Z",
"dateUpdated": "2025-05-23T15:54:02.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32814 (GCVE-0-2025-32814)
Vulnerability from cvelistv5 – Published: 2025-05-22 00:00 – Updated: 2025-05-22 18:29
VLAI?
Summary
An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-32814",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T17:43:40.260350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T18:29:57.430Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T14:48:16.421Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://support.infoblox.com/s/article/Infoblox-NetMRI-is-vulnerable-to-CVE-2025-32814"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-32814",
"datePublished": "2025-05-22T00:00:00.000Z",
"dateReserved": "2025-04-11T00:00:00.000Z",
"dateUpdated": "2025-05-22T18:29:57.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32815 (GCVE-0-2025-32815)
Vulnerability from cvelistv5 – Published: 2025-05-22 00:00 – Updated: 2025-05-22 15:13
VLAI?
Summary
An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur.
Severity ?
6.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-32815",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T14:47:22.100452Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T15:13:29.195Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T14:42:11.178Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://support.infoblox.com/s/article/Infoblox-NetMRI-is-vulnerable-to-CVE-2025-32815"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-32815",
"datePublished": "2025-05-22T00:00:00.000Z",
"dateReserved": "2025-04-11T00:00:00.000Z",
"dateUpdated": "2025-05-22T15:13:29.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6643 (GCVE-0-2018-6643)
Vulnerability from cvelistv5 – Published: 2018-08-28 19:00 – Updated: 2024-08-05 06:10
VLAI?
Summary
Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/undefinedmode/CVE-2018-6643"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-28T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/undefinedmode/CVE-2018-6643"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/undefinedmode/CVE-2018-6643",
"refsource": "MISC",
"url": "https://github.com/undefinedmode/CVE-2018-6643"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6643",
"datePublished": "2018-08-28T19:00:00",
"dateReserved": "2018-02-05T00:00:00",
"dateUpdated": "2024-08-05T06:10:11.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6484 (GCVE-0-2016-6484)
Vulnerability from cvelistv5 – Published: 2017-01-23 21:00 – Updated: 2024-08-06 01:29
VLAI?
Summary
CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:29:20.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/138615/Infoblox-7.0.1-CRLF-Injection-HTTP-Response-Splitting.html"
},
{
"name": "1036736",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036736"
},
{
"name": "20160906 [CVE-2016-6484] Infoblox Network Automation CRLF Injection/ HTTP splitting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/539366/100/0/threaded"
},
{
"name": "92794",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92794"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/138615/Infoblox-7.0.1-CRLF-Injection-HTTP-Response-Splitting.html"
},
{
"name": "1036736",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036736"
},
{
"name": "20160906 [CVE-2016-6484] Infoblox Network Automation CRLF Injection/ HTTP splitting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/539366/100/0/threaded"
},
{
"name": "92794",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92794"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/138615/Infoblox-7.0.1-CRLF-Injection-HTTP-Response-Splitting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/138615/Infoblox-7.0.1-CRLF-Injection-HTTP-Response-Splitting.html"
},
{
"name": "1036736",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036736"
},
{
"name": "20160906 [CVE-2016-6484] Infoblox Network Automation CRLF Injection/ HTTP splitting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539366/100/0/threaded"
},
{
"name": "92794",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92794"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6484",
"datePublished": "2017-01-23T21:00:00",
"dateReserved": "2016-07-27T00:00:00",
"dateUpdated": "2024-08-06T01:29:20.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2033 (GCVE-0-2015-2033)
Vulnerability from cvelistv5 – Published: 2015-02-20 11:00 – Updated: 2024-08-06 05:02
VLAI?
Summary
Anyterm Daemon in Infoblox Network Automation NetMRI before NETMRI-23483 allows remote attackers to execute arbitrary commands with root privileges via a crafted terminal/anyterm-module request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:42.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "73423",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73423"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://unsecurityresearch.com/index.php?option=com_content\u0026view=article\u0026id=46\u0026Itemid=53"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.infoblox.com/app/answers/detail/a_id/3666/kw/NETMRI-23483"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Anyterm Daemon in Infoblox Network Automation NetMRI before NETMRI-23483 allows remote attackers to execute arbitrary commands with root privileges via a crafted terminal/anyterm-module request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-28T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "73423",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73423"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://unsecurityresearch.com/index.php?option=com_content\u0026view=article\u0026id=46\u0026Itemid=53"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.infoblox.com/app/answers/detail/a_id/3666/kw/NETMRI-23483"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Anyterm Daemon in Infoblox Network Automation NetMRI before NETMRI-23483 allows remote attackers to execute arbitrary commands with root privileges via a crafted terminal/anyterm-module request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "73423",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73423"
},
{
"name": "http://unsecurityresearch.com/index.php?option=com_content\u0026view=article\u0026id=46\u0026Itemid=53",
"refsource": "MISC",
"url": "http://unsecurityresearch.com/index.php?option=com_content\u0026view=article\u0026id=46\u0026Itemid=53"
},
{
"name": "https://support.infoblox.com/app/answers/detail/a_id/3666/kw/NETMRI-23483",
"refsource": "MISC",
"url": "https://support.infoblox.com/app/answers/detail/a_id/3666/kw/NETMRI-23483"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2033",
"datePublished": "2015-02-20T11:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T05:02:42.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3418 (GCVE-0-2014-3418)
Vulnerability from cvelistv5 – Published: 2014-07-15 14:00 – Updated: 2024-08-06 10:43
VLAI?
Summary
config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "68471",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68471"
},
{
"name": "20140709 OS Command Injection Infoblox Network Automation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/532709/100/0/threaded"
},
{
"name": "20140709 CVE-2014-3418 - OS Command Injection Infoblox Network Automation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/35"
},
{
"name": "34030",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/34030"
},
{
"name": "infoblox-cve20143418-command-exec(94449)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94449"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/depthsecurity/NetMRI-2014-3418"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "68471",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68471"
},
{
"name": "20140709 OS Command Injection Infoblox Network Automation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/532709/100/0/threaded"
},
{
"name": "20140709 CVE-2014-3418 - OS Command Injection Infoblox Network Automation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/35"
},
{
"name": "34030",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/34030"
},
{
"name": "infoblox-cve20143418-command-exec(94449)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94449"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/depthsecurity/NetMRI-2014-3418"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68471"
},
{
"name": "20140709 OS Command Injection Infoblox Network Automation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532709/100/0/threaded"
},
{
"name": "20140709 CVE-2014-3418 - OS Command Injection Infoblox Network Automation",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/35"
},
{
"name": "34030",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/34030"
},
{
"name": "infoblox-cve20143418-command-exec(94449)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94449"
},
{
"name": "https://github.com/depthsecurity/NetMRI-2014-3418",
"refsource": "MISC",
"url": "https://github.com/depthsecurity/NetMRI-2014-3418"
},
{
"name": "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html",
"refsource": "MISC",
"url": "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3418",
"datePublished": "2014-07-15T14:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3419 (GCVE-0-2014-3419)
Vulnerability from cvelistv5 – Published: 2014-07-15 14:00 – Updated: 2024-08-06 10:43
VLAI?
Summary
Infoblox NetMRI before 6.8.5 has a default password of admin for the "root" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "68473",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68473"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127410/Infoblox-6.8.4.x-Weak-MySQL-Password.html"
},
{
"name": "20140709 Weak Local Database Credentials in Infoblox Network Automation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/532710/100/0/threaded"
},
{
"name": "1030542",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030542"
},
{
"name": "infoblox-cve20143419-default-account(94450)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94450"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/depthsecurity/NetMRI-2014-3418"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Infoblox NetMRI before 6.8.5 has a default password of admin for the \"root\" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "68473",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68473"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127410/Infoblox-6.8.4.x-Weak-MySQL-Password.html"
},
{
"name": "20140709 Weak Local Database Credentials in Infoblox Network Automation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/532710/100/0/threaded"
},
{
"name": "1030542",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030542"
},
{
"name": "infoblox-cve20143419-default-account(94450)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94450"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/depthsecurity/NetMRI-2014-3418"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Infoblox NetMRI before 6.8.5 has a default password of admin for the \"root\" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68473",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68473"
},
{
"name": "http://packetstormsecurity.com/files/127410/Infoblox-6.8.4.x-Weak-MySQL-Password.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127410/Infoblox-6.8.4.x-Weak-MySQL-Password.html"
},
{
"name": "20140709 Weak Local Database Credentials in Infoblox Network Automation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532710/100/0/threaded"
},
{
"name": "1030542",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030542"
},
{
"name": "infoblox-cve20143419-default-account(94450)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94450"
},
{
"name": "https://github.com/depthsecurity/NetMRI-2014-3418",
"refsource": "MISC",
"url": "https://github.com/depthsecurity/NetMRI-2014-3418"
},
{
"name": "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html",
"refsource": "MISC",
"url": "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3419",
"datePublished": "2014-07-15T14:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-5178 (GCVE-0-2011-5178)
Vulnerability from cvelistv5 – Published: 2012-09-20 10:00 – Updated: 2024-09-16 17:37
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in netmri/config/userAdmin/login.tdf in Infoblox NetMRI 6.0.2.42, 6.1.2, 6.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) eulaAccepted or (2) mode parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:30:46.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46854"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.infoblox.com/community/downloads/hotfix-v621-netmri-8831gpg"
},
{
"name": "20111110 [FOREGROUND SECURITY 2011-004] Infoblox NetMRI 6.2.1 Multiple Cross-Site Scripting (XSS) vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2011/Nov/158"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.infoblox.com/community/downloads/hotfix-v602-netmri-8831gpg"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://foregroundsecurity.com/secure-coding-and-security-qa/111-infoblox-netmri-621-612-and-60242-multiple-cross-site-scripting-xss"
},
{
"name": "1026319",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026319"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.infoblox.com/community/downloads/hotfix-v612-netmri-8831gpg"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in netmri/config/userAdmin/login.tdf in Infoblox NetMRI 6.0.2.42, 6.1.2, 6.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) eulaAccepted or (2) mode parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-20T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "46854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46854"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.infoblox.com/community/downloads/hotfix-v621-netmri-8831gpg"
},
{
"name": "20111110 [FOREGROUND SECURITY 2011-004] Infoblox NetMRI 6.2.1 Multiple Cross-Site Scripting (XSS) vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2011/Nov/158"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.infoblox.com/community/downloads/hotfix-v602-netmri-8831gpg"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://foregroundsecurity.com/secure-coding-and-security-qa/111-infoblox-netmri-621-612-and-60242-multiple-cross-site-scripting-xss"
},
{
"name": "1026319",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026319"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.infoblox.com/community/downloads/hotfix-v612-netmri-8831gpg"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in netmri/config/userAdmin/login.tdf in Infoblox NetMRI 6.0.2.42, 6.1.2, 6.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) eulaAccepted or (2) mode parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46854",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46854"
},
{
"name": "http://www.infoblox.com/community/downloads/hotfix-v621-netmri-8831gpg",
"refsource": "CONFIRM",
"url": "http://www.infoblox.com/community/downloads/hotfix-v621-netmri-8831gpg"
},
{
"name": "20111110 [FOREGROUND SECURITY 2011-004] Infoblox NetMRI 6.2.1 Multiple Cross-Site Scripting (XSS) vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2011/Nov/158"
},
{
"name": "http://www.infoblox.com/community/downloads/hotfix-v602-netmri-8831gpg",
"refsource": "CONFIRM",
"url": "http://www.infoblox.com/community/downloads/hotfix-v602-netmri-8831gpg"
},
{
"name": "http://foregroundsecurity.com/secure-coding-and-security-qa/111-infoblox-netmri-621-612-and-60242-multiple-cross-site-scripting-xss",
"refsource": "MISC",
"url": "http://foregroundsecurity.com/secure-coding-and-security-qa/111-infoblox-netmri-621-612-and-60242-multiple-cross-site-scripting-xss"
},
{
"name": "1026319",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026319"
},
{
"name": "http://www.infoblox.com/community/downloads/hotfix-v612-netmri-8831gpg",
"refsource": "CONFIRM",
"url": "http://www.infoblox.com/community/downloads/hotfix-v612-netmri-8831gpg"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5178",
"datePublished": "2012-09-20T10:00:00Z",
"dateReserved": "2012-09-19T00:00:00Z",
"dateUpdated": "2024-09-16T17:37:52.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201407-0031
Vulnerability from variot - Updated: 2025-04-13 23:25config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter. Infoblox NetMRI Is "root" of MySQL There is a vulnerability in which access rights can be obtained because the default password of the administrator is used for the database account.Local users may be able to gain access. Infoblox Network Automation is a network automation product. Infoblox Network Automation failed to properly handle the input submitted by the user via the skipjackUsername POST parameter, allowing remote attackers to exploit the vulnerability to inject operating system commands to the root user. Multiple Infoblox Network Automation Products including NetMRI, Switch Port Manager, Automation Change Manager and Security Device Controller are prone to an OS command-injection vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0031",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netmri",
"scope": "lt",
"trust": 1.6,
"vendor": "infoblox",
"version": "6.8.5"
},
{
"model": "netmri",
"scope": "eq",
"trust": 1.6,
"vendor": "infoblox",
"version": "6.1.2"
},
{
"model": "netmri",
"scope": "eq",
"trust": 1.6,
"vendor": "infoblox",
"version": "6.0.2.42"
},
{
"model": "netmri",
"scope": "eq",
"trust": 1.6,
"vendor": "infoblox",
"version": "6.2.1"
},
{
"model": "netmri",
"scope": "eq",
"trust": 1.6,
"vendor": "infoblox",
"version": "6.2.1.48"
},
{
"model": "netmri",
"scope": "eq",
"trust": 1.6,
"vendor": "infoblox",
"version": "6.8.2.11"
},
{
"model": "netmri",
"scope": "lte",
"trust": 1.0,
"vendor": "infoblox",
"version": "6.8.4"
},
{
"model": "inc network automation",
"scope": null,
"trust": 0.6,
"vendor": "infoblox",
"version": null
},
{
"model": "netmri",
"scope": "eq",
"trust": 0.6,
"vendor": "infoblox",
"version": "6.8.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04293"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003358"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003357"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-343"
},
{
"db": "NVD",
"id": "CVE-2014-3418"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:infoblox:netmri",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003358"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nate Kettlewell of Depth Security.",
"sources": [
{
"db": "BID",
"id": "68471"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3418",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-3418",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-3418",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-04293",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-3418",
"trust": 1.6,
"value": "High"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3418",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-04293",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-343",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04293"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003358"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003357"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-343"
},
{
"db": "NVD",
"id": "CVE-2014-3418"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter. Infoblox NetMRI Is \"root\" of MySQL There is a vulnerability in which access rights can be obtained because the default password of the administrator is used for the database account.Local users may be able to gain access. Infoblox Network Automation is a network automation product. Infoblox Network Automation failed to properly handle the input submitted by the user via the skipjackUsername POST parameter, allowing remote attackers to exploit the vulnerability to inject operating system commands to the root user. Multiple Infoblox Network Automation Products including NetMRI, Switch Port Manager, Automation Change Manager and Security Device Controller are prone to an OS command-injection vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3418"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003358"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003357"
},
{
"db": "CNVD",
"id": "CNVD-2014-04293"
},
{
"db": "BID",
"id": "68471"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3418",
"trust": 4.1
},
{
"db": "BID",
"id": "68471",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "34030",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003358",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003357",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2014-04293",
"trust": 0.6
},
{
"db": "XF",
"id": "94449",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201407-343",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04293"
},
{
"db": "BID",
"id": "68471"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003358"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003357"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-343"
},
{
"db": "NVD",
"id": "CVE-2014-3418"
}
]
},
"id": "VAR-201407-0031",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04293"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04293"
}
]
},
"last_update_date": "2025-04-13T23:25:24.108000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Infoblox NetMRI",
"trust": 1.6,
"url": "http://www.infoblox.jp/products/network-automation/netmri"
},
{
"title": "Patch for Infoblox Network Automation product OS command injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/47486"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04293"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003358"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003357"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
},
{
"problemtype": "CWE-255",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003358"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003357"
},
{
"db": "NVD",
"id": "CVE-2014-3418"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://github.com/depthsecurity/netmri-2014-3418"
},
{
"trust": 3.2,
"url": "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html"
},
{
"trust": 1.6,
"url": "http://www.exploit-db.com/exploits/34030"
},
{
"trust": 1.6,
"url": "http://seclists.org/fulldisclosure/2014/jul/35"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/68471"
},
{
"trust": 1.4,
"url": "http://www.securityfocus.com/archive/1/archive/1/532709/100/0/threaded"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94449"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/532709/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3419"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3419"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/archive/1/archive/1/532710/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3418"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3418"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/532710"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/94449"
},
{
"trust": 0.3,
"url": "http://www.infoblox.com/en/products/netmri.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04293"
},
{
"db": "BID",
"id": "68471"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003358"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003357"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-343"
},
{
"db": "NVD",
"id": "CVE-2014-3418"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-04293"
},
{
"db": "BID",
"id": "68471"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003358"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003357"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-343"
},
{
"db": "NVD",
"id": "CVE-2014-3418"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04293"
},
{
"date": "2014-07-09T00:00:00",
"db": "BID",
"id": "68471"
},
{
"date": "2014-07-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003358"
},
{
"date": "2014-07-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003357"
},
{
"date": "2014-07-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-343"
},
{
"date": "2014-07-15T14:55:09.387000",
"db": "NVD",
"id": "CVE-2014-3418"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04293"
},
{
"date": "2014-07-09T00:00:00",
"db": "BID",
"id": "68471"
},
{
"date": "2014-07-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003358"
},
{
"date": "2014-07-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003357"
},
{
"date": "2014-07-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-343"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-3418"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-343"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Infoblox NetMRI Vulnerabilities that gain access",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003358"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-343"
}
],
"trust": 0.6
}
}
VAR-201407-0032
Vulnerability from variot - Updated: 2025-04-13 23:25Infoblox NetMRI before 6.8.5 has a default password of admin for the "root" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors. Infoblox Network Automation is a network automation product. Infoblox Network Automation has a weak password with a username/password of root/root. Multiple Infoblox Network Automation Products including NetMRI, Switch Port Manager, Automation Change Manager and Security Device Controller are prone to a local security-bypass vulnerability. Local attackers may exploit this issue to bypass certain security restrictions and perform unauthorized actions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0032",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netmri",
"scope": "eq",
"trust": 1.6,
"vendor": "infoblox",
"version": "6.1.2"
},
{
"model": "netmri",
"scope": "eq",
"trust": 1.6,
"vendor": "infoblox",
"version": "6.0.2.42"
},
{
"model": "netmri",
"scope": "eq",
"trust": 1.6,
"vendor": "infoblox",
"version": "6.2.1"
},
{
"model": "netmri",
"scope": "eq",
"trust": 1.6,
"vendor": "infoblox",
"version": "6.2.1.48"
},
{
"model": "netmri",
"scope": "eq",
"trust": 1.6,
"vendor": "infoblox",
"version": "6.8.2.11"
},
{
"model": "netmri",
"scope": "lte",
"trust": 1.0,
"vendor": "infoblox",
"version": "6.8.4"
},
{
"model": "netmri",
"scope": "lt",
"trust": 0.8,
"vendor": "infoblox",
"version": "6.8.5"
},
{
"model": "inc network automation",
"scope": null,
"trust": 0.6,
"vendor": "infoblox",
"version": null
},
{
"model": "netmri",
"scope": "eq",
"trust": 0.6,
"vendor": "infoblox",
"version": "6.8.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04294"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003358"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-344"
},
{
"db": "NVD",
"id": "CVE-2014-3419"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:infoblox:netmri",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003358"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nate Kettlewell of Depth Security",
"sources": [
{
"db": "BID",
"id": "68473"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3419",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2014-3419",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CNVD-2014-04294",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3419",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-3419",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-04294",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-344",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04294"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003358"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-344"
},
{
"db": "NVD",
"id": "CVE-2014-3419"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Infoblox NetMRI before 6.8.5 has a default password of admin for the \"root\" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors. Infoblox Network Automation is a network automation product. Infoblox Network Automation has a weak password with a username/password of root/root. Multiple Infoblox Network Automation Products including NetMRI, Switch Port Manager, Automation Change Manager and Security Device Controller are prone to a local security-bypass vulnerability. \nLocal attackers may exploit this issue to bypass certain security restrictions and perform unauthorized actions",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3419"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003358"
},
{
"db": "CNVD",
"id": "CNVD-2014-04294"
},
{
"db": "BID",
"id": "68473"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3419",
"trust": 3.3
},
{
"db": "BID",
"id": "68473",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1030542",
"trust": 1.6
},
{
"db": "PACKETSTORM",
"id": "127410",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003358",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2014-04294",
"trust": 0.6
},
{
"db": "XF",
"id": "94450",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201407-344",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04294"
},
{
"db": "BID",
"id": "68473"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003358"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-344"
},
{
"db": "NVD",
"id": "CVE-2014-3419"
}
]
},
"id": "VAR-201407-0032",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04294"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04294"
}
]
},
"last_update_date": "2025-04-13T23:25:24.077000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Infoblox NetMRI",
"trust": 0.8,
"url": "http://www.infoblox.jp/products/network-automation/netmri"
},
{
"title": "Infoblox Network Automation product local security bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/47484"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04294"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003358"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003358"
},
{
"db": "NVD",
"id": "CVE-2014-3419"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html"
},
{
"trust": 2.4,
"url": "https://github.com/depthsecurity/netmri-2014-3418"
},
{
"trust": 1.6,
"url": "http://packetstormsecurity.com/files/127410/infoblox-6.8.4.x-weak-mysql-password.html"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/68473"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1030542"
},
{
"trust": 1.4,
"url": "http://www.securityfocus.com/archive/1/archive/1/532710/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/532710/100/0/threaded"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94450"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3419"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3419"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/532710"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/94450"
},
{
"trust": 0.3,
"url": "http://www.infoblox.com/sites/infobloxcom/files/resources/infoblox-datasheet-automation-change-manager.pdf"
},
{
"trust": 0.3,
"url": "http://www.infoblox.com/landing/control-your-network/security-device-controller"
},
{
"trust": 0.3,
"url": "http://www.infoblox.com/en/products/netmri.html"
},
{
"trust": 0.3,
"url": "http://www.infoblox.com/sites/infobloxcom/files/resources/infoblox-datasheet-switch-port-manager.pdf"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2014/jul/43"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04294"
},
{
"db": "BID",
"id": "68473"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003358"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-344"
},
{
"db": "NVD",
"id": "CVE-2014-3419"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-04294"
},
{
"db": "BID",
"id": "68473"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003358"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-344"
},
{
"db": "NVD",
"id": "CVE-2014-3419"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04294"
},
{
"date": "2014-07-09T00:00:00",
"db": "BID",
"id": "68473"
},
{
"date": "2014-07-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003358"
},
{
"date": "2014-07-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-344"
},
{
"date": "2014-07-15T14:55:09.683000",
"db": "NVD",
"id": "CVE-2014-3419"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04294"
},
{
"date": "2014-07-09T00:00:00",
"db": "BID",
"id": "68473"
},
{
"date": "2014-07-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003358"
},
{
"date": "2014-07-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-344"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-3419"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "68473"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-344"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Infoblox NetMRI Vulnerabilities that gain access",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003358"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-344"
}
],
"trust": 0.6
}
}
VAR-201808-1009
Vulnerability from variot - Updated: 2024-11-23 22:34Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter. InfobloxNetMRI is a network automation product from Infoblox, USA that provides automated network discovery, switch port management, network change automation, and continuous configuration compliance management for routers, switches, and other network devices. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML by sending a \342\200\230query\342\200\231 parameter to the /api/docs/index.php file
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-1009",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netmri",
"scope": "eq",
"trust": 3.0,
"vendor": "infoblox",
"version": "7.1.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-17627"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009926"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-866"
},
{
"db": "NVD",
"id": "CVE-2018-6643"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:infoblox:netmri",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009926"
}
]
},
"cve": "CVE-2018-6643",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-6643",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-17627",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2018-6643",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-6643",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-6643",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-17627",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-866",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-17627"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009926"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-866"
},
{
"db": "NVD",
"id": "CVE-2018-6643"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter. InfobloxNetMRI is a network automation product from Infoblox, USA that provides automated network discovery, switch port management, network change automation, and continuous configuration compliance management for routers, switches, and other network devices. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML by sending a \\342\\200\\230query\\342\\200\\231 parameter to the /api/docs/index.php file",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6643"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009926"
},
{
"db": "CNVD",
"id": "CNVD-2018-17627"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6643",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009926",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-17627",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201808-866",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-17627"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009926"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-866"
},
{
"db": "NVD",
"id": "CVE-2018-6643"
}
]
},
"id": "VAR-201808-1009",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-17627"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-17627"
}
]
},
"last_update_date": "2024-11-23T22:34:07.983000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.infoblox.com/ "
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009926"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009926"
},
{
"db": "NVD",
"id": "CVE-2018-6643"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/undefinedmode/cve-2018-6643"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6643"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6643"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-17627"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009926"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-866"
},
{
"db": "NVD",
"id": "CVE-2018-6643"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-17627"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009926"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-866"
},
{
"db": "NVD",
"id": "CVE-2018-6643"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-17627"
},
{
"date": "2018-11-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009926"
},
{
"date": "2018-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-866"
},
{
"date": "2018-08-28T19:29:20.270000",
"db": "NVD",
"id": "CVE-2018-6643"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-17627"
},
{
"date": "2018-11-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009926"
},
{
"date": "2018-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-866"
},
{
"date": "2024-11-21T04:11:03.220000",
"db": "NVD",
"id": "CVE-2018-6643"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-866"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Infoblox NetMRI Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-17627"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-866"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-866"
}
],
"trust": 0.6
}
}