Details of VAR-201507-0714

ID

VAR-201507-0714

TITLE

MAS China Mobile Proxy Server SQL Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2015-03377

DESCRIPTION

WAS China Mobile Proxy Server is to meet the high informationization group customers 'mobile office, production control, marketing services and other informatization needs through mobile terminals. The group customers' intranets are deployed for application coupling with their OA, ERP and CRP Gateway. A common SQL injection vulnerability exists in the MAS China Mobile proxy server, allowing attackers to use this vulnerability to obtain database sensitive information.

Trust: 0.6

sources: CNVD: CNVD-2015-03377

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-03377

AFFECTED PRODUCTS

vendor:

model:

mobile was proxy server

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2015-03377

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2015-03377
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2015-03377
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2015-03377

PATCH

title:

China Mobile MAS proxy server has SQL injection vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/58784

Trust: 0.6

sources: CNVD: CNVD-2015-03377

EXTERNAL IDS

db:

CNVD

id:

CNVD-2015-03377

Trust: 0.6

sources: CNVD: CNVD-2015-03377

SOURCES

db:

CNVD

id:

CNVD-2015-03377

LAST UPDATE DATE

2022-05-04T09:12:01.956000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2015-03377

date:

2015-06-04T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2015-03377

date:

2015-07-06T00:00:00