CVE-2015-0161: SQL Injection
First published: Mon May 25 2015(Updated: )
SQL injection vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM SiteProtector system | =3.0 | |
| IBM SiteProtector system | =3.0.0.1 | |
| IBM SiteProtector system | =3.0.0.2 | |
| IBM SiteProtector system | =3.0.0.3 | |
| IBM SiteProtector system | =3.0.0.4 | |
| IBM SiteProtector system | =3.0.0.5 | |
| IBM SiteProtector system | =3.0.0.6 | |
| IBM SiteProtector system | =3.1.0.0 | |
| IBM SiteProtector system | =3.1.0.1 | |
| IBM SiteProtector system | =3.1.0.2 | |
| IBM SiteProtector system | =3.1.0.3 | |
| IBM SiteProtector system | =3.1.1.0 | |
| IBM SiteProtector system | =3.1.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-0161?
CVE-2015-0161 has a medium severity rating as it allows remote authenticated users to execute arbitrary SQL commands.
How do I fix CVE-2015-0161?
To fix CVE-2015-0161, upgrade your IBM Security SiteProtector System to version 3.0.0.7 or later for 3.0.x, or 3.1.0.4 or later for 3.1.x.
Who is affected by CVE-2015-0161?
CVE-2015-0161 affects authenticated users of IBM Security SiteProtector System versions prior to 3.0.0.7, 3.1.0.4, and 3.1.1.2.
What types of attacks can be executed using CVE-2015-0161?
CVE-2015-0161 allows attackers to perform SQL injection attacks that could compromise the database and expose sensitive information.
Is CVE-2015-0161 under active exploitation?
There is no public information indicating that CVE-2015-0161 is currently being actively exploited, but organizations should apply the patch as a precaution.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/references
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- vendor/ibm
- canonical/ibm siteprotector system
- version/ibm siteprotector system/3.0
- version/ibm siteprotector system/3.0.0.1
- version/ibm siteprotector system/3.0.0.2
- version/ibm siteprotector system/3.0.0.3
- version/ibm siteprotector system/3.0.0.4
- version/ibm siteprotector system/3.0.0.5
- version/ibm siteprotector system/3.0.0.6
- version/ibm siteprotector system/3.1.0.0
- version/ibm siteprotector system/3.1.0.1
- version/ibm siteprotector system/3.1.0.2
- version/ibm siteprotector system/3.1.0.3
- version/ibm siteprotector system/3.1.1.0
- version/ibm siteprotector system/3.1.1.1