cvelistv5 - cve-2011-0467

CVE-2011-0467 (GCVE-0-2011-0467)

Vulnerability from cvelistv5 – Published: 2018-06-07 21:00 – Updated: 2024-09-17 01:16

Summary

A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1.

Severity ?

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-89

Assigner

microfocus

References

URL

Tags

	https://bugzilla.suse.com/show_bug.cgi?id=675039	x_refsource_CONFIRM
	https://www.suse.com/security/cve/CVE-2011-0467/	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

SUSE

SUSE Studio Onsite

Affected: unspecified , < 1.0.3-0.18.1 (custom)

SUSE

SUSE Studio Onsite 1.1 Appliance

Affected: unspecified , < 1.1.2-0.25.1 (custom)

Credits

Matthias Weckbecker of SUSE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:51:09.081Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=675039"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.suse.com/security/cve/CVE-2011-0467/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SUSE Studio Onsite",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.0.3-0.18.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "SUSE Studio Onsite 1.1 Appliance",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.1.2-0.25.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Matthias Weckbecker of SUSE"
        }
      ],
      "datePublic": "2011-02-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-06T16:15:40",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=675039"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.suse.com/security/cve/CVE-2011-0467/"
        }
      ],
      "source": {
        "advisory": "https://www.suse.com/security/cve/CVE-2011-0467/",
        "defect": [
          "675039"
        ],
        "discovery": "INTERNAL"
      },
      "title": "SQL injection in SUSE studio via select parameter",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@microfocus.com",
          "DATE_PUBLIC": "2011-02-25T00:00:00.000Z",
          "ID": "CVE-2011-0467",
          "STATE": "PUBLIC",
          "TITLE": "SQL injection in SUSE studio via select parameter"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SUSE Studio Onsite",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "1.0.3-0.18.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SUSE Studio Onsite 1.1 Appliance",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "1.1.2-0.25.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SUSE"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Matthias Weckbecker of SUSE"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=675039",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=675039"
            },
            {
              "name": "https://www.suse.com/security/cve/CVE-2011-0467/",
              "refsource": "CONFIRM",
              "url": "https://www.suse.com/security/cve/CVE-2011-0467/"
            }
          ]
        },
        "source": {
          "advisory": "https://www.suse.com/security/cve/CVE-2011-0467/",
          "defect": [
            "675039"
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2011-0467",
    "datePublished": "2018-06-07T21:00:00Z",
    "dateReserved": "2011-01-14T00:00:00",
    "dateUpdated": "2024-09-17T01:16:48.332Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:suse:studio_onsite:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.0.3-0.18.1\", \"matchCriteriaId\": \"C42718F7-670F-4F40-B303-509A3EA8E0A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:suse:studio_onsite_appliance:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.1.2-0.25.1\", \"matchCriteriaId\": \"7A21D079-FA07-4B35-8F99-826D0E54A6B3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en la lista de software disponible de SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance permite a los usuarios autenticados ejecutar sentencias SQL arbitrarias mediante inyecci\\u00f3n SQL. Las versiones afectadas son SUSE Studio Onsite: versiones anteriores a la versi\\u00f3n 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versiones anteriores a la versi\\u00f3n  1.1.2-0.25.1.\"}]",
      "id": "CVE-2011-0467",
      "lastModified": "2024-11-21T01:24:03.337",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"security@opentext.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-06-07T21:29:00.260",
      "references": "[{\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=675039\", \"source\": \"security@opentext.com\"}, {\"url\": \"https://www.suse.com/security/cve/CVE-2011-0467/\", \"source\": \"security@opentext.com\"}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=675039\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.suse.com/security/cve/CVE-2011-0467/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@opentext.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@opentext.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-0467\",\"sourceIdentifier\":\"security@opentext.com\",\"published\":\"2018-06-07T21:29:00.260\",\"lastModified\":\"2024-11-21T01:24:03.337\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la lista de software disponible de SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance permite a los usuarios autenticados ejecutar sentencias SQL arbitrarias mediante inyecci\u00f3n SQL. Las versiones afectadas son SUSE Studio Onsite: versiones anteriores a la versi\u00f3n 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versiones anteriores a la versi\u00f3n  1.1.2-0.25.1.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"security@opentext.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@opentext.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:suse:studio_onsite:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.3-0.18.1\",\"matchCriteriaId\":\"C42718F7-670F-4F40-B303-509A3EA8E0A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:suse:studio_onsite_appliance:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.1.2-0.25.1\",\"matchCriteriaId\":\"7A21D079-FA07-4B35-8F99-826D0E54A6B3\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=675039\",\"source\":\"security@opentext.com\"},{\"url\":\"https://www.suse.com/security/cve/CVE-2011-0467/\",\"source\":\"security@opentext.com\"},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=675039\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.suse.com/security/cve/CVE-2011-0467/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-949H-C8Q7-FFM5

Vulnerability from github – Published: 2022-05-13 01:28 – Updated: 2022-05-13 01:28

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-0467"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-07T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1.",
  "id": "GHSA-949h-c8q7-ffm5",
  "modified": "2022-05-13T01:28:44Z",
  "published": "2022-05-13T01:28:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0467"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=675039"
    },
    {
      "type": "WEB",
      "url": "https://www.suse.com/security/cve/CVE-2011-0467"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2011-0467

Vulnerability from fkie_nvd - Published: 2018-06-07 21:29 - Updated: 2024-11-21 01:24

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security@opentext.com	https://bugzilla.suse.com/show_bug.cgi?id=675039
	security@opentext.com	https://www.suse.com/security/cve/CVE-2011-0467/
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.suse.com/show_bug.cgi?id=675039
	af854a3a-2127-422b-91ae-364da2661108	https://www.suse.com/security/cve/CVE-2011-0467/

Impacted products

	Vendor	Product	Version
	suse	studio_onsite	*
	suse	studio_onsite_appliance	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:studio_onsite:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C42718F7-670F-4F40-B303-509A3EA8E0A7",
              "versionEndExcluding": "1.0.3-0.18.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:studio_onsite_appliance:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A21D079-FA07-4B35-8F99-826D0E54A6B3",
              "versionEndExcluding": "1.1.2-0.25.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la lista de software disponible de SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance permite a los usuarios autenticados ejecutar sentencias SQL arbitrarias mediante inyecci\u00f3n SQL. Las versiones afectadas son SUSE Studio Onsite: versiones anteriores a la versi\u00f3n 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versiones anteriores a la versi\u00f3n  1.1.2-0.25.1."
    }
  ],
  "id": "CVE-2011-0467",
  "lastModified": "2024-11-21T01:24:03.337",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "security@opentext.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-07T21:29:00.260",
  "references": [
    {
      "source": "security@opentext.com",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=675039"
    },
    {
      "source": "security@opentext.com",
      "url": "https://www.suse.com/security/cve/CVE-2011-0467/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=675039"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.suse.com/security/cve/CVE-2011-0467/"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "security@opentext.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2011-0467

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-0467

Aliases

CVE-2011-0467

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-0467",
    "description": "A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1.",
    "id": "GSD-2011-0467",
    "references": [
      "https://www.suse.com/security/cve/CVE-2011-0467.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-0467"
      ],
      "details": "A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1.",
      "id": "GSD-2011-0467",
      "modified": "2023-12-13T01:19:03.911744Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@microfocus.com",
        "DATE_PUBLIC": "2011-02-25T00:00:00.000Z",
        "ID": "CVE-2011-0467",
        "STATE": "PUBLIC",
        "TITLE": "SQL injection in SUSE studio via select parameter"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SUSE Studio Onsite",
                    "version": {
                      "version_data": [
                        {
                          "affected": "\u003c",
                          "version_value": "1.0.3-0.18.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SUSE Studio Onsite 1.1 Appliance",
                    "version": {
                      "version_data": [
                        {
                          "affected": "\u003c",
                          "version_value": "1.1.2-0.25.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SUSE"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Matthias Weckbecker of SUSE"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-89"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.suse.com/show_bug.cgi?id=675039",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=675039"
          },
          {
            "name": "https://www.suse.com/security/cve/CVE-2011-0467/",
            "refsource": "CONFIRM",
            "url": "https://www.suse.com/security/cve/CVE-2011-0467/"
          }
        ]
      },
      "source": {
        "advisory": "https://www.suse.com/security/cve/CVE-2011-0467/",
        "defect": [
          "675039"
        ],
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:suse:studio_onsite_appliance:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.1.2-0.25.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:suse:studio_onsite:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.3-0.18.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@suse.com",
          "ID": "CVE-2011-0467"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.suse.com/security/cve/CVE-2011-0467/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.suse.com/security/cve/CVE-2011-0467/"
            },
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=675039",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=675039"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-01-24T15:15Z",
      "publishedDate": "2018-06-07T21:29Z"
    }
  }
}

CNVD-2018-11403

Vulnerability from cnvd - Published: 2018-06-13

Title

Novell SUSE Studio Onsite和SUSE Studio Onsite Appliance SQL注入漏洞

Description

Novell SUSE Studio Onsite和SUSE Studio Onsite Appliance都是美国Novell公司的用于在Web浏览器中构建和测试软件应用程序的Web应用程序。 Novell SUSE Studio Onsite 1.0.3-0.18.1之前版本和SUSE Studio Onsite Appliance 1.1.2-0.25.1之前版本中可用软件的列表存在SQL注入漏洞。远程攻击者可利用该漏洞执行任意的SQL语句。

Severity

高

Patch Name

Novell SUSE Studio Onsite和SUSE Studio Onsite Appliance SQL注入漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.suse.com/security/cve/CVE-2011-0467/

Reference

https://bugzilla.suse.com/show_bug.cgi?id=675039

Impacted products

Name
['Novell SUSE Studio Onsite <(1.0.3-0.18.1)', 'Novell SUSE Studio Onsite Appliance <(1.1.2-0.25.1)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2011-0467"
    }
  },
  "description": "Novell SUSE Studio Onsite\u548cSUSE Studio Onsite Appliance\u90fd\u662f\u7f8e\u56fdNovell\u516c\u53f8\u7684\u7528\u4e8e\u5728Web\u6d4f\u89c8\u5668\u4e2d\u6784\u5efa\u548c\u6d4b\u8bd5\u8f6f\u4ef6\u5e94\u7528\u7a0b\u5e8f\u7684Web\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nNovell SUSE Studio Onsite 1.0.3-0.18.1\u4e4b\u524d\u7248\u672c\u548cSUSE Studio Onsite Appliance 1.1.2-0.25.1\u4e4b\u524d\u7248\u672c\u4e2d\u53ef\u7528\u8f6f\u4ef6\u7684\u5217\u8868\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u7684SQL\u8bed\u53e5\u3002",
  "discovererName": "Thomas Biege",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.suse.com/security/cve/CVE-2011-0467/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-11403",
  "openTime": "2018-06-13",
  "patchDescription": "Novell SUSE Studio Onsite\u548cSUSE Studio Onsite Appliance\u90fd\u662f\u7f8e\u56fdNovell\u516c\u53f8\u7684\u7528\u4e8e\u5728Web\u6d4f\u89c8\u5668\u4e2d\u6784\u5efa\u548c\u6d4b\u8bd5\u8f6f\u4ef6\u5e94\u7528\u7a0b\u5e8f\u7684Web\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nNovell SUSE Studio Onsite 1.0.3-0.18.1\u4e4b\u524d\u7248\u672c\u548cSUSE Studio Onsite Appliance 1.1.2-0.25.1\u4e4b\u524d\u7248\u672c\u4e2d\u53ef\u7528\u8f6f\u4ef6\u7684\u5217\u8868\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u7684SQL\u8bed\u53e5\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Novell SUSE Studio Onsite\u548cSUSE Studio Onsite Appliance SQL\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Novell SUSE Studio Onsite \u003c(1.0.3-0.18.1)",
      "Novell SUSE Studio Onsite Appliance \u003c(1.1.2-0.25.1)"
    ]
  },
  "referenceLink": "https://bugzilla.suse.com/show_bug.cgi?id=675039",
  "serverity": "\u9ad8",
  "submitTime": "2018-06-12",
  "title": "Novell SUSE Studio Onsite\u548cSUSE Studio Onsite Appliance SQL\u6ce8\u5165\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-0467 (GCVE-0-2011-0467)

GHSA-949H-C8Q7-FFM5

FKIE_CVE-2011-0467

GSD-2011-0467

CNVD-2018-11403

Tags

Sightings

Nomenclature