CVE - CVE-2007-2230

CVE-ID
CVE-2007-2230	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
SQL injection vulnerability in CA Clever Path Portal allows remote authenticated users to execute limited SQL commands and retrieve arbitrary database contents via (1) the ofinterest parameter in a light search query, (2) description parameter in the advanced search query, and possibly other vectors.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:23671 URL:http://www.securityfocus.com/bid/23671 BUGTRAQ:20070424 Security Advisory: CA CleverPath SQL Injection URL:http://www.securityfocus.com/archive/1/466760/100/0/threaded CONFIRM:ftp://ftp.ca.com/pub/portal/4.71/4.71.001_188_070329/readme_4.71.001_188_070329.txt CONFIRM:http://supportconnectw.ca.com/public/cp/portal/infodocs/portal-secnot.asp CONFIRM:http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=136879 FULLDISC:20070424 Security Advisory: CA CleverPath SQL Injection URL:http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0648.html MISC:http://www.hacktics.com/AdvCleverPathApr07.html OSVDB:34128 URL:~~http://www.osvdb.org/34128~~ (Obsolete source) SECTRACK:1017970 URL:http://www.securitytracker.com/id?1017970 SECUNIA:25002 URL:http://secunia.com/advisories/25002 VUPEN:ADV-2007-1544 URL:~~http://www.vupen.com/english/advisories/2007/1544~~ (Obsolete source) XF:ca-cpp-search-sql-injection(33853) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/33853
Assigning CNA
MITRE Corporation
Date Record Created
20070425	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070425)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)