Vulnerability Description
Multiple SQL injection vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) ctrl, (2) h____%2427, (3) h____%2439, (4) param0, (5) param1, (6) param2, (7) param3, (8) param4, (9) filter_INSERT_COUNT, (10) filter_MINOR_FALLOUT, (11) filter_UPDATE_COUNT, (12) sort, or (13) sessid parameter.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netcracker | Resource Management System | < 8.2 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/132808/NetCracker-Resource-Management-Syste (Exploit, Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/archive/1/archive/1/536054/100/0/threaded (Broken Link, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2015-3423?
CVE-2015-3423 is a vulnerability with a CVSS score of 8.8 (HIGH). Multiple SQL injection vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) ctrl, (2) h____%2427, (3) h___...
How severe is CVE-2015-3423?
CVE-2015-3423 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-3423?
Check the references section above for vendor advisories and patch information. Affected products include: Netcracker Resource Management System.