CVE-2013-2050 — SQL Injection in Redhat Manageiq Enterprise Virtualization Manager

CWE-89 — SQL Injection5 documents5 sources

Severity

7.5HIGHNVD

EPSS

54.2%

top 1.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Manageiq Enterprise Virtualization Manager Redhat Cloudforms Management Engine

Timeline

PublishedJan 11

Latest updateMay 17

Description

SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer action.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDredhat/manageiq_enterprise_virtualization_manager5.0

▶NVDredhat/cloudforms_management_engine5.1

🔴Vulnerability Details

GHSA

GHSA-h3r2-9qhv-2vw2: SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2↗2022-05-17

▶

CVEList

CVE-2013-2050: SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2↗2014-01-11

▶

📋Vendor Advisories

Red Hat

2: miq_policy/explorer SQL injection↗2013-11-13

▶

💬Community

Bugzilla

CVE-2013-2050 CloudForms Management Engine 2: miq_policy/explorer SQL injection↗2013-05-03

▶