Impact
A successful attack is possible if the attacker controls a user account for the web interface or for OMP. The attacker will gain read access to the database.
Solution
Update to Greenbone OS 2.2.0-34/3.0.29
Insight
A software bug in OVS Manager allows remote attackers to inject SQL code that reads data from the database.
Affected
Greenbone OS 2.2.0-1 up to 2.2.0-33.
Greenbone OS 3.0.1 up to 3.0.28.
Detection
Check the version of Greenbone OS.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-9220 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
- AdPeeps 'index.php' Multiple Vulnerabilities.
- Apple Safari RSS Feed Information Disclosure Vulnerability
- AlefMentor Multiple SQL Injection Vulnerabilities
- Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities