CVE-2012-2684

critical

Description

Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to execute arbitrary SQL commands via the (1) agent or (2) object id.

References

http://www.securityfocus.com/bid/55618

http://secunia.com/advisories/50660

http://rhn.redhat.com/errata/RHSA-2012-1281.html

http://rhn.redhat.com/errata/RHSA-2012-1278.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830245

Details

Source: Mitre, NVD

Published: 2012-09-28

Updated: 2021-07-15

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical