CVE-2007-5084 - OpenCVE

Multiple SQL injection vulnerabilities in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary SQL commands via CsAgent service commands with opcodes (1) 0x07, (2) 0x08, (3) 0x09, (4) 0x1E, (5) 0x32, (6) 0x36, (7) 0x40, and possibly others.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Broadcom	Brightstor Hierarchical Storage Manager

Configuration 1 [-]

cpe:2.3:a:broadcom:brightstor_hierarchical_storage_manager:*:*:*:*:*:*:*:*

References

Link	Resource
http://dvlabs.tippingpoint.com/advisory/TPTI-07-17
http://secunia.com/advisories/26914	Vendor Advisory
http://securitytracker.com/id?1018747
http://supportconnectw.ca.com/public/bstorhsm/infodocs/bstorhsm-secnot.asp	Patch
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35692	Patch
http://www.securityfocus.com/archive/1/480808/100/0/threaded
http://www.securityfocus.com/bid/25823
http://www.vupen.com/english/advisories/2007/3275	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/36828

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-01T20:00:00

Updated: 2018-10-15T20:57:01

Reserved: 2007-09-25T00:00:00

Link: CVE-2007-5084

JSON object: View

NVD Information

Status : Modified

Published: 2007-10-01T20:17:00.000

Modified: 2021-04-07T18:19:56.960

Link: CVE-2007-5084

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-09-27T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary SQL commands via CsAgent service commands with opcodes (1) 0x07, (2) 0x08, (3) 0x09, (4) 0x1E, (5) 0x32, (6) 0x36, (7) 0x40, and possibly others."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "26914", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26914"}, {"name": "20070927 [CAID 35690, 35691, 35692]: CA BrightStor Hierarchical Storage Manager CsAgent Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/480808/100/0/threaded"}, {"name": "ADV-2007-3275", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3275"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35692"}, {"name": "25823", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25823"}, {"name": "ca-brightstor-csagent-sql-injection(36828)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36828"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://supportconnectw.ca.com/public/bstorhsm/infodocs/bstorhsm-secnot.asp"}, {"name": "1018747", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1018747"}, {"tags": ["x_refsource_MISC"], "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-17"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5084", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary SQL commands via CsAgent service commands with opcodes (1) 0x07, (2) 0x08, (3) 0x09, (4) 0x1E, (5) 0x32, (6) 0x36, (7) 0x40, and possibly others."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "26914", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26914"}, {"name": "20070927 [CAID 35690, 35691, 35692]: CA BrightStor Hierarchical Storage Manager CsAgent Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/480808/100/0/threaded"}, {"name": "ADV-2007-3275", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3275"}, {"name": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35692", "refsource": "CONFIRM", "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35692"}, {"name": "25823", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25823"}, {"name": "ca-brightstor-csagent-sql-injection(36828)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36828"}, {"name": "http://supportconnectw.ca.com/public/bstorhsm/infodocs/bstorhsm-secnot.asp", "refsource": "CONFIRM", "url": "http://supportconnectw.ca.com/public/bstorhsm/infodocs/bstorhsm-secnot.asp"}, {"name": "1018747", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018747"}, {"name": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-17", "refsource": "MISC", "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-17"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5084", "datePublished": "2007-10-01T20:00:00", "dateReserved": "2007-09-25T00:00:00", "dateUpdated": "2018-10-15T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:brightstor_hierarchical_storage_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F3BF860-8EF3-42D6-B6A3-8E6A8DAFDF26", "versionEndIncluding": "11.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary SQL commands via CsAgent service commands with opcodes (1) 0x07, (2) 0x08, (3) 0x09, (4) 0x1E, (5) 0x32, (6) 0x36, (7) 0x40, and possibly others."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) versiones anteriores a r11.6, permite a atacantes remotos ejecutar comandos SQL arbitrarios por medio de los comandos de servicio CsAgent con opcodes (1) 0x07, (2) 0x08, (3) 0x09, (4) 0x1E, (5) 0x32, (6) 0x36, (7) 0x40, y posiblemente otros."}], "id": "CVE-2007-5084", "lastModified": "2021-04-07T18:19:56.960", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-10-01T20:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-17"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26914"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1018747"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://supportconnectw.ca.com/public/bstorhsm/infodocs/bstorhsm-secnot.asp"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35692"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/480808/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25823"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/3275"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36828"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}