Vulnerability Name: CVE-2007-5084 (CCN-36828)
Assigned: 2007-09-26
Published: 2007-09-26
Updated: 2021-04-07
Summary: Multiple SQL injection vulnerabilities in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary SQL commands via CsAgent service commands with opcodes (1) 0x07, (2) 0x08, (3) 0x09, (4) 0x1E, (5) 0x32, (6) 0x36, (7) 0x40, and possibly others.
CVSS v3 Severity:
7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity:
6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-89
Vulnerability Consequences: Data Manipulation
References:
Source: MITRE Type: CNA CVE-2007-5084
Source: CCN Type: TPTI-07-17 CA BrightStor Hierarchical Storage Manager SQL Injection Vulnerabilities
Source: MISC Type: UNKNOWN http://dvlabs.tippingpoint.com/advisory/TPTI-07-17
Source: CCN Type: SA26914 CA BrightStor Hierarchical Storage Manager CsAgent Vulnerabilities
Source: SECUNIA Type: Vendor Advisory 26914
Source: CCN Type: SECTRACK ID: 1018747 CA BrightStor Hierarchical Storage Manager Bugs Let Remote Users Inject SQL Commands or Execute Arbitrary Code
Source: SECTRACK Type: UNKNOWN 1018747
Source: CCN Type: CA SupportConnect Web site CA BrightStor Hierarchical Storage Manager CsAgent Security Notice
Source: CONFIRM Type: Patch http://supportconnectw.ca.com/public/bstorhsm/infodocs/bstorhsm-secnot.asp
Source: CCN Type: BrightStor Hierarchical Storage Management Web site BrightStor Hierarchical Storage Manager - CA
Source: CONFIRM Type: Patch http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35692
Source: CCN Type: OSVDB ID: 41365 BrightStor Hierarchical Storage Manager (HSM) CsAgent Service Commands Multiple Unspecified SQL Injection
Source: BUGTRAQ Type: UNKNOWN 20070927 [CAID 35690, 35691, 35692]: CA BrightStor Hierarchical Storage Manager CsAgent Multiple Vulnerabilities
Source: BID Type: UNKNOWN 25823
Source: CCN Type: BID-25823 Computer Associates BrightStor Hierarchical Storage Manager CsAgent Multiple Remote Vulnerabilities
Source: VUPEN Type: Vendor Advisory ADV-2007-3275
Source: XF Type: UNKNOWN ca-brightstor-csagent-sql-injection(36828)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable