Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2018-12464
PUBLISHED
More InfoOfficial Page
Assigner-microfocus
Assigner Org ID-f81092c5-7f14-476d-80dc-24857f90be84
View Known Exploited Vulnerability (KEV) details
Published At-29 Jun, 2018 | 16:00
Updated At-17 Sep, 2024 | 01:55
Rejected At-
▼CVE Numbering Authority (CNA)
Unauthenticated SQL injection in Micro Focus Secure Messaging Gateway

A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5).

Affected Products
Vendor
Micro Focus International LimitedMicro Focus
Product
Secure Messaging Gateway
Versions
Affected
  • From unspecified before 471 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-89Unauthenticated SQL injection (CWE-89)
Metrics
VersionBase scoreBase severityVector
3.010.0CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Please upgrade to Secure Messaging Gateway 471 or newer using the online update tool in the Secure Messaging Gateway management console.

Configurations
Workarounds
Exploits
Credits
Mehmet INCE from PRODAFT
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exploit-db.com/exploits/45083/
exploit
x_refsource_EXPLOIT-DB
https://support.microfocus.com/kb/doc.php?id=7023132
x_refsource_CONFIRM
https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exploit-db.com/exploits/45083/
exploit
x_refsource_EXPLOIT-DB
x_transferred
https://support.microfocus.com/kb/doc.php?id=7023132
x_refsource_CONFIRM
x_transferred
https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/
x_refsource_CONFIRM
x_transferred
Details not found