Details of VAR-201806-1008

ID

VAR-201806-1008

CVE

CVE-2018-0225

TITLE

Cisco AppDynamics App iQ In the platform SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-006100

DESCRIPTION

The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4.3.10598 (HF4) allows SQL injection, aka the Security Advisory 2089 issue. Vendors have confirmed this vulnerability Security Advisory 2089 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Remote attackers can use this vulnerability to inject SQL statements

Trust: 1.8

sources: NVD: CVE-2018-0225 // JVNDB: JVNDB-2018-006100 // VULHUB: VHN-118427 // VULMON: CVE-2018-0225

AFFECTED PRODUCTS

vendor:	cisco	model:	appdynamics app iq	scope:	eq	version:	4.4.3.9459	Trust: 1.6
vendor:	cisco	model:	appdynamics app iq	scope:	eq	version:	4.4.3.10005	Trust: 1.6
vendor:	cisco	model:	appdynamics app iq	scope:	eq	version:	4.4.3.10393	Trust: 1.6
vendor:	cisco	model:	appdynamics app iq	scope:	lte	version:	4.4.3	Trust: 1.0
vendor:	cisco	model:	appdynamics app iq	scope:	lt	version:	4.4.3.10598 (hf4)	Trust: 0.8
vendor:	cisco	model:	appdynamics app iq	scope:	eq	version:	4.4.3	Trust: 0.6

sources: JVNDB: JVNDB-2018-006100 // CNNVD: CNNVD-201806-581 // NVD: CVE-2018-0225

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0225
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-0225
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201806-581
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-118427
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-0225
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-0225
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-118427
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0225
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-118427 // VULMON: CVE-2018-0225 // JVNDB: JVNDB-2018-006100 // CNNVD: CNNVD-201806-581 // NVD: CVE-2018-0225

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.9

sources: VULHUB: VHN-118427 // JVNDB: JVNDB-2018-006100 // NVD: CVE-2018-0225

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-581

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201806-581

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006100

PATCH

title:	4.4.3.10598 (HF4) Updates	url:	https://docs.appdynamics.com/display/PRO44/Release+Notes#ReleaseNotes-4.4.3.10598%28HF4%29Updates	Trust: 0.8
title:	Cisco AppDynamics App iQ Platform SQL Repair measures for injecting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80775	Trust: 0.6

sources: JVNDB: JVNDB-2018-006100 // CNNVD: CNNVD-201806-581

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0225	Trust: 2.6
db:	JVNDB	id:	JVNDB-2018-006100	Trust: 0.8
db:	CNNVD	id:	CNNVD-201806-581	Trust: 0.7
db:	VULHUB	id:	VHN-118427	Trust: 0.1
db:	VULMON	id:	CVE-2018-0225	Trust: 0.1

sources: VULHUB: VHN-118427 // VULMON: CVE-2018-0225 // JVNDB: JVNDB-2018-006100 // CNNVD: CNNVD-201806-581 // NVD: CVE-2018-0225

REFERENCES

url:	https://docs.appdynamics.com/display/pro44/release+notes#releasenotes-4.4.3.10598%28hf4%29updates	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0225	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0225	Trust: 0.8
url:	https://docs.appdynamics.com/display/pro44/release+notes#releasenotes-4.4.3.10598(hf4)updates	Trust: 0.7
url:	https://cwe.mitre.org/data/definitions/89.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-118427 // VULMON: CVE-2018-0225 // JVNDB: JVNDB-2018-006100 // CNNVD: CNNVD-201806-581 // NVD: CVE-2018-0225

SOURCES

db:	VULHUB	id:	VHN-118427
db:	VULMON	id:	CVE-2018-0225
db:	JVNDB	id:	JVNDB-2018-006100
db:	CNNVD	id:	CNNVD-201806-581
db:	NVD	id:	CVE-2018-0225

LAST UPDATE DATE

2024-11-23T22:06:47.538000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118427	date:	2019-03-29T00:00:00
db:	VULMON	id:	CVE-2018-0225	date:	2019-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2018-006100	date:	2018-08-07T00:00:00
db:	CNNVD	id:	CNNVD-201806-581	date:	2019-04-03T00:00:00
db:	NVD	id:	CVE-2018-0225	date:	2024-11-21T03:37:46.243

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118427	date:	2018-06-08T00:00:00
db:	VULMON	id:	CVE-2018-0225	date:	2018-06-08T00:00:00
db:	JVNDB	id:	JVNDB-2018-006100	date:	2018-08-07T00:00:00
db:	CNNVD	id:	CNNVD-201806-581	date:	2018-06-11T00:00:00
db:	NVD	id:	CVE-2018-0225	date:	2018-06-08T20:29:00.220