Summary
Dell Kace 1000 Systems Management Appliance is prone to multiple SQL injection vulnerabilities.
Impact
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Solution
Updates are available.
Insight
Dell Kace 1000 Systems Management Appliance is prone to multiple SQL injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.
Affected
Dell Kace 1000 Systems Management Appliance 5.4.76847 is vulnerable; other versions may also be affected.
Detection
Check the version
References
Severity
Classification
- CVE: CVE-2014-1671
- CVSS Base Score: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P