CVE-2015-0782

{"id": "CVE-2015-0782", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-08-09T18:29:00.683", "references": [{"url": "http://www.securityfocus.com/bid/72808", "source": "security@opentext.com"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-148", "source": "security@opentext.com"}, {"url": "https://www.novell.com/support/kb/doc.php?id=7016431", "source": "security@opentext.com"}, {"url": "http://www.securityfocus.com/bid/72808", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-148", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.novell.com/support/kb/doc.php?id=7016431", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n SQL en el m\u00e9todo ScheduleQuery de la clase schedule en ZENworks Configuration Management (ZCM) de Novell permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante vectores sin especificar."}], "lastModified": "2024-11-21T02:23:42.570", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:novell:zenworks_configuration_management:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02FD0617-2578-4F91-AAEF-D9CB68D224D9"}], "operator": "OR"}]}], "sourceIdentifier": "security@opentext.com"}