eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort_by parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3. NOTE: this is different from CVE-2020-25034 and affects newer versions of the software.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NFireeye Email Malware Protection System
APPFireeye9.0.1.923211Fireeye Ex 3500
HWFireeyewszystkie wersje
Powiązane podatności
Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows ...
eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices allows remote authenticated users to co...
eMPS prior to eMPS 9.0 FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection atta...
Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnera...
XSS vulnerability in FireEye Central Management affecting version 9.1.1.956704, which could allow an attacker ...