CVE-2005-3315 : Multiple SQL injection vulnerabilities in Novell ZENworks Patch Management 6.x before 6.2.2.181 allow remote attackers t

Multiple SQL injection vulnerabilities in Novell ZENworks Patch Management 6.x before 6.2.2.181 allow remote attackers to execute arbitrary SQL commands via the (1) Direction parameter to computers/default.asp, and the (2) SearchText, (3) StatusFilter, and (4) computerFilter parameters to reports/default.asp.

Published 2005-10-30 20:02:00

Updated 2011-03-08 02:26:16

Source MITRE

View at NVD, CVE.org

Vulnerability category: Sql Injection

Exploit prediction scoring system (EPSS) score for CVE-2005-3315

Probability of exploitation activity in the next 30 days: 95.94%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2005-3315

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2005-3315

http://securitytracker.com/id?1015116
http://www.vupen.com/english/advisories/2005/2238
http://www.kb.cert.org/vuls/id/536300

US Government Resource
http://support.novell.com/cgi-bin/search/searchtid.cgi?10099318.htm

Patch
http://cirt.dk/advisories/cirt-39-advisory.pdf

Exploit;Patch;Vendor Advisory
http://securityreason.com/securityalert/124
http://www.securityfocus.com/bid/15220
http://www.securityfocus.com/archive/1/414880

Products affected by CVE-2005-3315

Novell » Zenworks Patch Management Server » Version: 6.0.0.52
cpe:2.3:a:novell:zenworks_patch_management_server:6.0.0.52:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2005-3315

Exploit prediction scoring system (EPSS) score for CVE-2005-3315

CVSS scores for CVE-2005-3315

References for CVE-2005-3315

Products affected by CVE-2005-3315