7.5
CVE-2012-5520
- EPSS 2.13%
- Published 26.11.2012 12:45:22
- Last modified 11.04.2025 00:51:21
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the (1) IP address or (2) port number field in an OMP request.
Data is provided by the National Vulnerability Database (NVD)
Openvas ≫ Openvas Manager Version3.0 Updatebeta1
Openvas ≫ Openvas Manager Version3.0 Updatebeta2
Openvas ≫ Openvas Manager Version3.0 Updatebeta3
Openvas ≫ Openvas Manager Version3.0 Updatebeta4
Openvas ≫ Openvas Manager Version3.0 Updatebeta5
Openvas ≫ Openvas Manager Version3.0 Updatebeta6
Openvas ≫ Openvas Manager Version3.0 Updatebeta7
Openvas ≫ Openvas Manager Version3.0 Updatebeta8
Openvas ≫ Openvas Manager Version3.0 Updaterc1
Openvas ≫ Openvas Manager Version3.0.0
Openvas ≫ Openvas Manager Version3.0.1
Openvas ≫ Openvas Manager Version3.0.2
Openvas ≫ Openvas Manager Version3.0.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.13% | 0.835 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.