CVE-2012-2684
high
CVSS v3
—
CVSS v2
7.5
VIR risk
7.5
Description
Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to execute arbitrary SQL commands via the (1) agent or (2) object id.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2012-1281.html
Vendor advisory: secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2012-1278.html
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| trevor_mckay | cumin | {"endIncluding":"0.1.5192-4"} | |
| trevor_mckay | cumin | 0.1.3160-1 | |
| trevor_mckay | cumin | 0.1.4369-1 | |
| trevor_mckay | cumin | 0.1.4410-2 | |
| trevor_mckay | cumin | 0.1.4494-1 | |
| trevor_mckay | cumin | 0.1.4794-1 | |
| trevor_mckay | cumin | 0.1.4916-1 | |
| trevor_mckay | cumin | 0.1.5033-1 | |
| trevor_mckay | cumin | 0.1.5037-1 | |
| trevor_mckay | cumin | 0.1.5054-1 | |
| trevor_mckay | cumin | 0.1.5068-1 | |
| trevor_mckay | cumin | 0.1.5092-1 | |
| trevor_mckay | cumin | 0.1.5098-2 | |
| trevor_mckay | cumin | 0.1.5105-1 | |
| trevor_mckay | cumin | 0.1.5137-1 | |
| trevor_mckay | cumin | 0.1.5137-2 | |
| trevor_mckay | cumin | 0.1.5137-3 | |
| trevor_mckay | cumin | 0.1.5137-4 | |
| trevor_mckay | cumin | 0.1.5137-5 | |
| trevor_mckay | cumin | 0.1.5192-1 | |
References
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830245
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html
- http://rhn.redhat.com/errata/RHSA-2012-1278.html
- http://rhn.redhat.com/errata/RHSA-2012-1281.html
- http://secunia.com/advisories/50660
- http://www.securityfocus.com/bid/55618
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830245
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html
- http://rhn.redhat.com/errata/RHSA-2012-1278.html
- http://rhn.redhat.com/errata/RHSA-2012-1281.html
- http://secunia.com/advisories/50660
- http://www.securityfocus.com/bid/55618
CWEs
CWE-89
Verify integrity in audit chain (admin only). AS-IS.