CVE-2015-1605

{"id": "CVE-2015-1605", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-02-24T15:59:07.613", "references": [{"url": "http://www.securityfocus.com/bid/72697", "source": "cve@mitre.org"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-048/", "source": "cve@mitre.org"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-049/", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset Manager (aka Quest Workspace Asset Manager) before 9.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) GetClientPackage.aspx or (2) GetProcessedPackage.aspx."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Dell ScriptLogic Asset Manager (tambi\u00e9n conocido como Quest Workspace Asset Manager) anterior a 9.5 permiten a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados en (1) GetClientPackage.aspx o (2) GetProcessedPackage.aspx."}], "lastModified": "2015-02-25T16:58:46.123", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:asset_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9134369B-2A53-4028-AE90-89975073F05A", "versionEndIncluding": "9.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}