CVE-2021-28970: SQL Injection
First published: Thu Apr 01 2021(Updated: )
eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the job_id parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FireEye Email Malware Protection System | =9.0.1.923211 | |
| Fireeye EX 3500 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-28970?
CVE-2021-28970 is categorized as a high severity vulnerability due to the potential for SQL injection attacks.
How do I fix CVE-2021-28970?
To fix CVE-2021-28970, upgrade the FireEye Email Malware Protection System to version 9.0.3 or higher.
Who is affected by CVE-2021-28970?
CVE-2021-28970 affects users of FireEye Email Malware Protection System version 9.0.1.923211.
What kind of attack can be executed using CVE-2021-28970?
CVE-2021-28970 allows remote authenticated users to perform SQL injection attacks via the job_id parameter.
Is there a known patch for CVE-2021-28970?
Yes, a patch is available in version 9.0.3 of the FireEye Email Malware Protection System.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/severity
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- vendor/fireeye
- canonical/fireeye email malware protection system
- version/fireeye email malware protection system/9.0.1.923211
- canonical/fireeye ex 3500 firmware