CVE-2002-0555 - OpenCVE

IBM Informix Web DataBlade 4.12 unescapes user input even if an application has escaped it, which could allow remote attackers to execute SQL code in a web form even when the developer has attempted to escape it.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Informix Web Datablade

Configuration 1 [-]

OR	cpe:2.3:a:ibm:informix_web_datablade:4.10:::::::*
	cpe:2.3:a:ibm:informix_web_datablade:4.11:::::::*
	cpe:2.3:a:ibm:informix_web_datablade:4.12:::::::*
	cpe:2.3:a:ibm:informix_web_datablade:4.13:::::::*

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2002-04/0137.html	Vendor Advisory
http://www.iss.net/security_center/static/8827.php	Vendor Advisory
http://www.securityfocus.com/bid/4498	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2002-06-11T04:00:00

Updated: 2002-06-15T09:00:00

Reserved: 2002-06-07T00:00:00

Link: CVE-2002-0555

JSON object: View

NVD Information

Status : Analyzed

Published: 2002-07-03T04:00:00.000

Modified: 2008-09-05T20:28:19.913

Link: CVE-2002-0555

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-04-11T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Informix Web DataBlade 4.12 unescapes user input even if an application has escaped it, which could allow remote attackers to execute SQL code in a web form even when the developer has attempted to escape it."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2002-06-15T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "4498", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/4498"}, {"name": "20020411 IBM Informix Web DataBlade: Auto-decoding HTML entities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0137.html"}, {"name": "informix-wbm-sql-decoding(8827)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/8827.php"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0555", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Informix Web DataBlade 4.12 unescapes user input even if an application has escaped it, which could allow remote attackers to execute SQL code in a web form even when the developer has attempted to escape it."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "4498", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4498"}, {"name": "20020411 IBM Informix Web DataBlade: Auto-decoding HTML entities", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0137.html"}, {"name": "informix-wbm-sql-decoding(8827)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/8827.php"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0555", "datePublished": "2002-06-11T04:00:00", "dateReserved": "2002-06-07T00:00:00", "dateUpdated": "2002-06-15T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}