CVE-2007-2230

high

Description

SQL injection vulnerability in CA Clever Path Portal allows remote authenticated users to execute limited SQL commands and retrieve arbitrary database contents via (1) the ofinterest parameter in a light search query, (2) description parameter in the advanced search query, and possibly other vectors.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/33853

http://www.vupen.com/english/advisories/2007/1544

http://www.securitytracker.com/id?1017970

http://www.securityfocus.com/bid/23671

http://www.securityfocus.com/archive/1/466760/100/0/threaded

http://www.osvdb.org/34128

http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=136879

http://supportconnectw.ca.com/public/cp/portal/infodocs/portal-secnot.asp

http://secunia.com/advisories/25002

Details

Source: Mitre, NVD

Published: 2007-04-25

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.01131