CA CleverPath Portal远程SQL注入漏洞

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

CleverPath Portal是一个安全、可扩展的企业信息门户,提供一个协作环境以及信息、应用和Web内容的整合视图。 CleverPath Portal在处理用户请求时存在输入验证漏洞,远程攻击者可能利用此漏洞非授权访问数据库。 CleverPath Portal没有正确验证轻型搜索中的ofinterest参数及高级搜索中的description参数,如果攻击者修改了搜索URL中的上述参数的话,就可能导致发送非预期的数据库查询,检索整个数据库内容,具体取决于用户权限。 Computer Associates eTrust Security Command Center r8 Computer Associates eTrust Security Command Center r1 Computer Associates Unicenter Management Portal 3.1 Computer Associates Unicenter Management Portal 2.0 Computer Associates Unicenter Management Portal 11.0 Computer Associates BrightStor Portal 11.1 Computer Associates CleverPath Portal r4.71 Computer Associates CleverPath Portal r4.7 Computer Associates CleverPath Portal r4.51 Computer Associates CleverPath Aion BPM r10.2 Computer Associates CleverPath Aion BPM r10.1 Computer Associates CleverPath Aion BPM r10 Computer Associates Unicenter Database Management Portal r11.1 Computer Associates Unicenter Database Management Portal r11 Computer Associates Unicenter Enterprise Job Manager 3...

0%

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息