VULHUB ™

Unicenter Asset Management is reported prone to multiple vulnerabilities that may allow attackers to disclose sensitive information and carry out HTML injection and SQL injection attacks. The following specific issues were identified: It is reported that attackers with access to the admin console can disclose the masked SQL Admin password. The application is also reported prone to an HTML injection vulnerability. This issue arises due to an input validation error and may allow remote attackers to execute arbitrary HTML and script code in a user's browser. An SQL injection vulnerability exists in the application as well. This issue exists in the Query Designer and may allow remote attackers to inject malicious SQL code in to imported files. Unicenter Asset Management 4.0 for Windows is reported prone to these issues.

Unicenter Asset Management is reported prone to multiple vulnerabilities that may allow attackers to disclose sensitive information and carry out HTML injection and SQL injection attacks. The following specific issues were identified: It is reported that attackers with access to the admin console can disclose the masked SQL Admin password. The application is also reported prone to an HTML injection vulnerability. This issue arises due to an input validation error and may allow remote attackers to execute arbitrary HTML and script code in a user's browser. An SQL injection vulnerability exists in the application as well. This issue exists in the Query Designer and may allow remote attackers to inject malicious SQL code in to imported files. Unicenter Asset Management 4.0 for Windows is reported prone to these issues.