CVE-2018-11065

MEDIUM Year: 2018
CVSS v3 Score
4.3
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-89
View all →

Vulnerability Description

The WorkPoint component, which is embedded in all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1, contains a SQL injection vulnerability. A malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to read certain data. Embedded WorkPoint is upgraded to version 4.10.16, which contains a fix for the vulnerability.

Related Vulnerabilities

CVE-2015-7784

MEDIUM
CVSS:4.3(Medium)

SQL injection vulnerability in the BOKUBLOCK (1) BbAdminViewsControl213 plugin before 1.1 and (2) BbAdminViewsControl plugin before 2.1 for EC-CUBE allows remote authenticated users to execute arbitra...

CWE-892015

CVE-2017-12302

MEDIUM
CVSS:4.3(Medium)

A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL ...

CWE-892017

CVE-2017-15546

MEDIUM
CVSS:4.3(Medium)

The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and earlier is affected by a blind SQL injection vulnerability. Authenticated malicious users could potentially exploit this vulnerabi...

CWE-892017

CVE-2018-0120

MEDIUM
CVSS:4.3(Medium)

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. The vulnerabil...

CWE-892018

CVE-2018-14623

MEDIUM
CVSS:4.3(Medium)

A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal I...

CWE-892018

CVE-2018-15892

MEDIUM
CVSS:4.3(Medium)

FreePBX 13 and 14 has SQL Injection in the DISA module via the hangup variable on the /admin/config.php?display=disa&view=form page.

CWE-892018