CVE-2021-28969: SQL Injection
First published: Thu Apr 01 2021(Updated: )
eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort_by parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3. NOTE: this is different from CVE-2020-25034 and affects newer versions of the software.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FireEye Email Malware Protection System | =9.0.1.923211 | |
| Fireeye EX 3500 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-28969?
eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort_by parameter to the email search feature.
How severe is CVE-2021-28969?
The severity of CVE-2021-28969 is rated as medium with a CVSS score of 6.5.
What software versions are affected by CVE-2021-28969?
FireEye EX 3500 devices running eMPS 9.0.1.923211 are affected by CVE-2021-28969.
How can CVE-2021-28969 be fixed?
The issue is fixed in version 9.0.3 as provided by the vendor.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- vendor/fireeye
- canonical/fireeye email malware protection system
- version/fireeye email malware protection system/9.0.1.923211
- canonical/fireeye ex 3500 firmware