Vulnerability Description
SQL injection vulnerability in CA Clever Path Portal allows remote authenticated users to execute limited SQL commands and retrieve arbitrary database contents via (1) the ofinterest parameter in a light search query, (2) description parameter in the advanced search query, and possibly other vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Cleverpath Portal | All versions |
Related Weaknesses (CWE)
References
- ftp://ftp.ca.com/pub/portal/4.71/4.71.001_188_070329/readme_4.71.001_188_070329.
- http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0648.htmlExploitVendor Advisory
- http://secunia.com/advisories/25002Vendor Advisory
- http://supportconnectw.ca.com/public/cp/portal/infodocs/portal-secnot.asp
- http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=136879
- http://www.hacktics.com/AdvCleverPathApr07.htmlExploitVendor Advisory
- http://www.osvdb.org/34128
- http://www.securityfocus.com/archive/1/466760/100/0/threaded
- http://www.securityfocus.com/bid/23671
- http://www.securitytracker.com/id?1017970
- http://www.vupen.com/english/advisories/2007/1544Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33853
- ftp://ftp.ca.com/pub/portal/4.71/4.71.001_188_070329/readme_4.71.001_188_070329.
- http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0648.htmlExploitVendor Advisory
- http://secunia.com/advisories/25002Vendor Advisory
FAQ
What is CVE-2007-2230?
CVE-2007-2230 is a vulnerability with a CVSS score of 6.5 (MEDIUM). SQL injection vulnerability in CA Clever Path Portal allows remote authenticated users to execute limited SQL commands and retrieve arbitrary database contents via (1) the ofinterest parameter in a li...
How severe is CVE-2007-2230?
CVE-2007-2230 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2230?
Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Cleverpath Portal.