- Description
- SQL injection vulnerability in the authentication form in the integrated web server in the Data Management Server (DMS) before 1.4.3 in Samsung Integrated Management System allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- Source
- cret@cert.org
- NVD status
- Analyzed
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-89
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samsung:data_management_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8D57A57A-493B-49B3-ABEC-32224EAF0CB1",
"versionEndIncluding": "1.4.2"
},
{
"criteria": "cpe:2.3:a:samsung:data_management_server:1.3.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EFA476F0-16A4-4C01-A853-3111CF7903C4"
},
{
"criteria": "cpe:2.3:a:samsung:data_management_server:1.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E87B10B1-1BC2-4ADF-B8FF-687B02E3180D"
}
],
"operator": "OR"
}
]
}
]