{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-12-17T00:00:00", "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the \"filtering table operator.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-01-07T13:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1016263"}, {"name": "RHSA-2013:1851", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1851.html"}, {"name": "RHSA-2013:1852", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:45:14.580Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1016263"}, {"name": "RHSA-2013:1851", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1851.html"}, {"name": "RHSA-2013:1852", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4461", "datePublished": "2013-12-23T22:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:14.580Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "DBE39763-E666-4001-BDD3-0B11D4531366", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the \"filtering table operator.\""}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en el interfaz web para \"cumin\" en Red Hat Enterprise MRG Grid 2.4 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores relacionados con el \"filtrado de la tabla de operador\"."}], "id": "CVE-2013-4461", "lastModified": "2024-11-21T01:55:36.877", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-12-23T22:55:02.833", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1851.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1016263"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1851.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1016263"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Tom\u00e1\u0161 Nov\u00e1\u010dik (Red Hat MRG Quality Engineering team).", "affected_release": [{"advisory": "RHSA-2013:1851", "cpe": "cpe:/a:redhat:enterprise_mrg:2::el5", "package": "cumin-0:0.1.5787-4.el5", "product_name": "MRG for RHEL-5 v. 2", "release_date": "2013-12-17T00:00:00Z"}, {"advisory": "RHSA-2013:1852", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "cumin-0:0.1.5787-4.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2013-12-17T00:00:00Z"}, {"advisory": "RHSA-2013:1852", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "rubygems-0:1.8.23.2-1.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2013-12-17T00:00:00Z"}], "bugzilla": {"description": "cumin: filtering table operator not checked, leads to potential SQLi", "id": "1016263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1016263"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "verified"}, "details": ["SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the \"filtering table operator.\""], "name": "CVE-2013-4461", "public_date": "2013-12-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-4461\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4461"], "threat_severity": "Moderate"}