Vulnerability Description
Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bacula | Bacula-Web | <= 7.4.0 |
Related Weaknesses (CWE)
References
- http://bacula-web.org/download/articles/bacula-web-8-0-0-rc2.html (Release Notes, Vendor Advisory)
- http://bugs.bacula-web.org/view.php?id=211 (Issue Tracking, Vendor Advisory)
- https://github.com/bacula-web/bacula-web/commit/90d4c44a0dd0d65c6fb3ab2417b83d70 (Patch, Third Party Advisory)
- https://www.exploit-db.com/exploits/44272/ (Exploit, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2017-15367?
CVE-2017-15367 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the...
How severe is CVE-2017-15367?
CVE-2017-15367 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-15367?
Check the references section above for vendor advisories and patch information. Affected products include: Bacula Bacula-Web.