Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1562

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2011-1562
Last Modified 06 Sep 2011 11:16:12
Published 05 Apr 2011 11:19:35
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-1562

Summary

Ecava IntegraXor HMI before n 3.60 (Build 4032) allows remote attackers to bypass authentication and execute arbitrary SQL statements via unspecified vectors related to a crafted POST request. NOTE: some sources have reported this issue as SQL injection, but this might not be accurate.

Vulnerable Systems

Application

  • Ecava Integraxor 3.60


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-11-082-01.pdf

CONFIRM - http://www.integraxor.com/blog/security-issue-sql-unauthenticated-vulnerability-note

XF - integraxor-unspecified-sql-injection(66306)

VUPEN - ADV-2011-0761

BID - 47019

CONFIRM - http://www.integraxor.com/blog/security-issue-20101222-0700-vulnerability-note

MISC - http://twitter.com/#!/djrbliss/status/50685527749431296

SECUNIA - 44105


Last Updated: 27 May 2016 10:56:22