CVE-2018-7107: SQL Injection
First published: Thu Sep 27 2018(Updated: )
A potential security vulnerability has been identified in HPE Device Entitlement Gateway (DEG) v3.2.4, v3.3 and v3.3.1. The vulnerability could be remotely exploited to allow local SQL injection and elevation of privilege.
Credit: security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HPE Device Entitlement Gateway | =3.2.4 | |
| HPE Device Entitlement Gateway | =3.3 | |
| HPE Device Entitlement Gateway | =3.3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-7107?
CVE-2018-7107 has been rated as high severity due to its potential for remote exploitation leading to SQL injection and privilege escalation.
How do I fix CVE-2018-7107?
To remediate CVE-2018-7107, upgrade HPE Device Entitlement Gateway to the latest version provided by HPE.
Who is affected by CVE-2018-7107?
CVE-2018-7107 affects users of HPE Device Entitlement Gateway versions 3.2.4, 3.3, and 3.3.1.
What types of attacks can CVE-2018-7107 enable?
CVE-2018-7107 can enable attackers to perform local SQL injection attacks and elevate privileges on affected systems.
Is CVE-2018-7107 actively being exploited?
As of the latest reports, there is no confirmed active exploitation of CVE-2018-7107, but mitigation is strongly advised.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- agent/source
- vendor/hpe
- canonical/hpe device entitlement gateway
- version/hpe device entitlement gateway/3.2.4
- version/hpe device entitlement gateway/3.3
- version/hpe device entitlement gateway/3.3.1