CVE-2015-0780

{"id": "CVE-2015-0780", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-08-09T18:29:00.607", "references": [{"url": "http://www.securityfocus.com/bid/74284", "source": "security@opentext.com"}, {"url": "http://www.securitytracker.com/id/1032166", "source": "security@opentext.com"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-147", "source": "security@opentext.com"}, {"url": "https://www.novell.com/support/kb/doc.php?id=7016431", "source": "security@opentext.com"}, {"url": "http://www.securityfocus.com/bid/74284", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1032166", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-147", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.novell.com/support/kb/doc.php?id=7016431", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n SQL en el m\u00e9todo GetReRequestData de la clase GetStoredResult en ZENworks Configuration Management (ZCM) de Novell permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante vectores sin especificar."}], "lastModified": "2024-11-21T02:23:42.340", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:novell:zenworks_configuration_management:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02FD0617-2578-4F91-AAEF-D9CB68D224D9"}], "operator": "OR"}]}], "sourceIdentifier": "security@opentext.com"}