- Description
- SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Red Hat
- Not vulnerable. This issue only affects a third-party patch to Cyrus SASL, not distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cyrus:sasl:1.5.24:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5B837A3-E1D7-469D-9A2C-1648DB869524"
          },
          {
            "criteria": "cpe:2.3:a:cyrus:sasl:1.5.27:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D5319DC-7C56-4661-83A6-6F226DD6804F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]