Vulnerability-Lookup

CNVD-2018-11115

Vulnerability from cnvd - Published: 2018-06-08

Title

RSA Web Threat Detection SQL注入漏洞

Description

EMC RSA Web Threat Detection是美国易安信（EMC）公司的一套大数据及安全分析解决方案。该方案可利用Web会话情报和实时行为分析检测网络犯罪。 EMC RSA Web Threat Detection 6.4之前版本中的Administration和Forensics应用程序存在SQL注入漏洞。远程攻击者可通过向受影响应用程序发送特制的输入利用该漏洞在后端数据库上执行SQL命令，获取该工具的监视功能及用户信息的访问权限。

Severity

中

Patch Name

RSA Web Threat Detection SQL注入漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.rsa.com/en-us/products/fraud-prevention

Reference

https://securitytracker.com/id/1041026

Impacted products

Name
EMC RSA Web Threat Detection <6.4

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "104396"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1252"
    }
  },
  "description": "EMC RSA Web Threat Detection\u662f\u7f8e\u56fd\u6613\u5b89\u4fe1\uff08EMC\uff09\u516c\u53f8\u7684\u4e00\u5957\u5927\u6570\u636e\u53ca\u5b89\u5168\u5206\u6790\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u53ef\u5229\u7528Web\u4f1a\u8bdd\u60c5\u62a5\u548c\u5b9e\u65f6\u884c\u4e3a\u5206\u6790\u68c0\u6d4b\u7f51\u7edc\u72af\u7f6a\u3002\r\n\r\nEMC RSA Web Threat Detection 6.4\u4e4b\u524d\u7248\u672c\u4e2d\u7684Administration\u548cForensics\u5e94\u7528\u7a0b\u5e8f\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u53d1\u9001\u7279\u5236\u7684\u8f93\u5165\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u540e\u7aef\u6570\u636e\u5e93\u4e0a\u6267\u884cSQL\u547d\u4ee4\uff0c\u83b7\u53d6\u8be5\u5de5\u5177\u7684\u76d1\u89c6\u529f\u80fd\u53ca\u7528\u6237\u4fe1\u606f\u7684\u8bbf\u95ee\u6743\u9650\u3002",
  "discovererName": "EMC",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.rsa.com/en-us/products/fraud-prevention",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-11115",
  "openTime": "2018-06-08",
  "patchDescription": "EMC RSA Web Threat Detection\u662f\u7f8e\u56fd\u6613\u5b89\u4fe1\uff08EMC\uff09\u516c\u53f8\u7684\u4e00\u5957\u5927\u6570\u636e\u53ca\u5b89\u5168\u5206\u6790\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u53ef\u5229\u7528Web\u4f1a\u8bdd\u60c5\u62a5\u548c\u5b9e\u65f6\u884c\u4e3a\u5206\u6790\u68c0\u6d4b\u7f51\u7edc\u72af\u7f6a\u3002\r\n\r\nEMC RSA Web Threat Detection 6.4\u4e4b\u524d\u7248\u672c\u4e2d\u7684Administration\u548cForensics\u5e94\u7528\u7a0b\u5e8f\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u53d1\u9001\u7279\u5236\u7684\u8f93\u5165\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u540e\u7aef\u6570\u636e\u5e93\u4e0a\u6267\u884cSQL\u547d\u4ee4\uff0c\u83b7\u53d6\u8be5\u5de5\u5177\u7684\u76d1\u89c6\u529f\u80fd\u53ca\u7528\u6237\u4fe1\u606f\u7684\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "RSA Web Threat Detection  SQL\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "EMC RSA Web Threat Detection \u003c6.4"
  },
  "referenceLink": "https://securitytracker.com/id/1041026",
  "serverity": "\u4e2d",
  "submitTime": "2018-06-05",
  "title": "RSA Web Threat Detection  SQL\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2018-1252 (GCVE-0-2018-1252)

Vulnerability from cvelistv5 – Published: 2018-06-05 12:00 – Updated: 2024-09-17 03:32

Title

RSA Web Threat Detection SQL Injection Vulnerability

Summary

RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applications. An authenticated malicious user with low privileges could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the tool's monitoring and user information by supplying specially crafted input data to the affected application.

Severity ?

No CVSS data available.

CWE

SQL Injection Vulnerability

Assigner

dell

References

URL

Tags

	http://www.securitytracker.com/id/1041026	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/104396	vdb-entryx_refsource_BID
	http://seclists.org/fulldisclosure/2018/Jun/4	mailing-listx_refsource_FULLDISC

Impacted products

	Vendor	Product	Version
	RSA	Web Threat Detection	Affected: unspecified , < 6.4 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:51:48.993Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1041026",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041026"
          },
          {
            "name": "104396",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104396"
          },
          {
            "name": "20180531 DSA-2018-085: RSA Web Threat Detection SQL Injection Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2018/Jun/4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Web Threat Detection",
          "vendor": "RSA",
          "versions": [
            {
              "lessThan": "6.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-05-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applications. An authenticated malicious user with low privileges could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the tool\u0027s monitoring and user information by supplying specially crafted input data to the affected application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection\tVulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-07T09:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "1041026",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041026"
        },
        {
          "name": "104396",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104396"
        },
        {
          "name": "20180531 DSA-2018-085: RSA Web Threat Detection SQL Injection Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2018/Jun/4"
        }
      ],
      "source": {
        "advisory": "DSA-2018-085",
        "discovery": "UNKNOWN"
      },
      "title": "RSA Web Threat Detection SQL Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "DATE_PUBLIC": "2018-05-31T04:00:00.000Z",
          "ID": "CVE-2018-1252",
          "STATE": "PUBLIC",
          "TITLE": "RSA Web Threat Detection SQL Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Web Threat Detection",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "6.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "RSA"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applications. An authenticated malicious user with low privileges could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the tool\u0027s monitoring and user information by supplying specially crafted input data to the affected application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection\tVulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1041026",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041026"
            },
            {
              "name": "104396",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104396"
            },
            {
              "name": "20180531 DSA-2018-085: RSA Web Threat Detection SQL Injection Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2018/Jun/4"
            }
          ]
        },
        "source": {
          "advisory": "DSA-2018-085",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2018-1252",
    "datePublished": "2018-06-05T12:00:00Z",
    "dateReserved": "2017-12-06T00:00:00",
    "dateUpdated": "2024-09-17T03:32:36.574Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-11115

CVE-2018-1252 (GCVE-0-2018-1252)

Tags

Sightings

Nomenclature