Greenbone OS SQL Injection Vulnerability Network Vulnerability

Impact

A successful attack is possible if the attacker controls a user account for the web interface or for OMP. The attacker will gain read access to the database.

Solution

Update to Greenbone OS 2.2.0-34/3.0.29

Insight

A software bug in OVS Manager allows remote attackers to inject SQL code that reads data from the database.

Affected

Greenbone OS 2.2.0-1 up to 2.2.0-33. Greenbone OS 3.0.1 up to 3.0.28.

Detection

Check the version of Greenbone OS.

References

http://www.greenbone.net/technology/gbsa2014-02.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-9220

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe ColdFusion Authentication Bypass Vulnerability
3Com OfficeConnect VPN Firewall Default Password Security Bypass Vulnerability
admin.cgi overflow
Atlassian JIRA FishEye and Crucible Plugins XML Parsing Unspecified Security Vulnerability
68designs 68kb Multiple Remote File Include Vulnerabilities

Take action and discover your vulnerabilities