CVE-2018-1280

{"id": "CVE-2018-1280", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-05-11T20:29:00.510", "references": [{"url": "http://www.securityfocus.com/bid/104153", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "https://pivotal.io/security/cve-2018-1280", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}, {"url": "http://www.securityfocus.com/bid/104153", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://pivotal.io/security/cve-2018-1280", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Pivotal Greenplum Command Center versions 2.x prior to 2.5.1 contains a blind SQL injection vulnerability. An unauthenticated user can perform a SQL injection in the command center which results in disclosure of database contents."}, {"lang": "es", "value": "Pivotal Greenplum Command Center, en versiones 2.x anteriores a la 2.5.1, contiene una vulnerabilidad de inyecci\u00f3n SQL ciega. Un usuario no autenticado puede realizar una inyecci\u00f3n SQL en el centro de comandos, lo que resulta en la divulgaci\u00f3n del contenido de la base de datos."}], "lastModified": "2024-11-21T03:59:32.027", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:greenplum_command_center:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "512CED73-60F6-4378-976F-C5BD6CFB33F5", "versionEndExcluding": "2.5.1", "versionStartIncluding": "2.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}