CVE-2020-9318 - OpenCVE

Red Gate SQL Monitor 9.0.13 through 9.2.14 allows an administrative user to perform a SQL injection attack by configuring the SNMP alert settings in the UI. This is fixed in 9.2.15.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Red-gate	Sql Monitor

Configuration 1 [-]

cpe:2.3:a:red-gate:sql_monitor:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.red-gate.com/privacy-and-security/vulnerabilities/2020-02-19-sql-monitor	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-02-20T20:58:19

Updated: 2020-02-20T20:58:19

Reserved: 2020-02-20T00:00:00

Link: CVE-2020-9318

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-02-20T21:15:11.943

Modified: 2020-02-25T15:16:21.553

Link: CVE-2020-9318

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:red-gate:sql_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F0ED875-752A-4827-BE30-1B2B802261C7", "versionEndIncluding": "9.2.14", "versionStartIncluding": "9.0.13", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Red Gate SQL Monitor 9.0.13 through 9.2.14 allows an administrative user to perform a SQL injection attack by configuring the SNMP alert settings in the UI. This is fixed in 9.2.15."}, {"lang": "es", "value": "Red Gate SQL Monitor versiones 9.0.13 hasta 9.2.14, permite a un usuario administrativo llevar a cabo un ataque de inyecci\u00f3n SQL estableciendo la configuraci\u00f3n de alerta SNMP en la Interfaz de Usuario. Esto se corrige en la versi\u00f3n 9.2.15."}], "id": "CVE-2020-9318", "lastModified": "2020-02-25T15:16:21.553", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-20T21:15:11.943", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.red-gate.com/privacy-and-security/vulnerabilities/2020-02-19-sql-monitor"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}