CVE-2007-5084

critical

Description

Multiple SQL injection vulnerabilities in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary SQL commands via CsAgent service commands with opcodes (1) 0x07, (2) 0x08, (3) 0x09, (4) 0x1E, (5) 0x32, (6) 0x36, (7) 0x40, and possibly others.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/36828

http://www.vupen.com/english/advisories/2007/3275

http://www.securityfocus.com/bid/25823

http://www.securityfocus.com/archive/1/480808/100/0/threaded

http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35692

http://supportconnectw.ca.com/public/bstorhsm/infodocs/bstorhsm-secnot.asp

http://securitytracker.com/id?1018747

http://secunia.com/advisories/26914

http://dvlabs.tippingpoint.com/advisory/TPTI-07-17

Details

Source: Mitre, NVD

Published: 2007-10-01

Updated: 2021-04-07

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical