Dell Kace 1000 Systems Management Appliance DS-2014-001 Multiple SQL Injection Vulnerabilities Network Vulnerability

Summary

Dell Kace 1000 Systems Management Appliance is prone to multiple SQL injection vulnerabilities

Impact

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Solution

Updates are available.

Insight

Dell Kace 1000 Systems Management Appliance is prone to multiple SQL- injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.

Affected

Dell Kace 1000 Systems Management Appliance 5.4.76847 is vulnerable other versions may also be affected.

Detection

Check the version

References

http://www.baesystemsdetica.com.au/Research/Advisories/Dell-KACE-K1000-SQL-Injection-%28DS-2014-001%29
http://www.securityfocus.com/bid/65029

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-1671
CVSS Base Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
Apache Tiles Multiple XSS Vulnerability
Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
7Media Web Solutions EduTrac Directory Traversal Vulnerability

Take action and discover your vulnerabilities