Greenbone OS SQL Injection Vulnerability Network Vulnerability

Impact

A successful attack is possible if the attacker controls a user account for the web interface or for OMP. The attacker will gain read access to the database.

Solution

Update to Greenbone OS 2.2.0-34/3.0.29

Insight

A software bug in OVS Manager allows remote attackers to inject SQL code that reads data from the database.

Affected

Greenbone OS 2.2.0-1 up to 2.2.0-33. Greenbone OS 3.0.1 up to 3.0.28.

Detection

Check the version of Greenbone OS.

References

http://www.greenbone.net/technology/gbsa2014-02.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-9220
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ArticleFR CMS Multiple Vulnerabilities - Jan15
Athena Web Registration remote command execution flaw
Advantech WebAccess Multiple Vulnerabilities
Alchemy Eye HTTP Command Execution
ActivDesk Multiple Cross Site Scripting and SQL Injection Vulnerabilities

Take action and discover your vulnerabilities