CVE-2010-4099

ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the Request parameter to ess.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securitytracker.com/id?1024639
http://www.securityfocus.com/bid/44421	Exploit
http://www.exploit-db.com/exploits/15318	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/62768

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:nitrosecurity:nitroview_esm_software:8.4.0a:*:*:*:*:*:*:*

OR	cpe:2.3:h:nitrosecurity:nitroview_esm:ns-esm-5205-r:::::::*
	cpe:2.3:h:nitrosecurity:nitroview_esm:ns-esm-x5:::::::*
	cpe:2.3:h:nitrosecurity:nitroview_esm:ns-esm-5750-r:::::::*
	cpe:2.3:h:nitrosecurity:nitroview_esm:ns-esm-5510-r:::::::*

Information

Published : 2010-10-27 12:00

Updated : 2017-08-16 18:33

NVD link : CVE-2010-4099

Mitre link : CVE-2010-4099

JSON object : View

CWE

CWE-20

Improper Input Validation

Advertisement

Products Affected

nitrosecurity

nitroview_esm_software
nitroview_esm

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securitytracker.com/id?1024639", "name": "1024639", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/44421", "name": "44421", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://www.exploit-db.com/exploits/15318", "name": "15318", "tags": ["Exploit"], "refsource": "EXPLOIT-DB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62768", "name": "nitrosecurityesm-ess-command-execution(62768)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the Request parameter to ess."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-4099", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2010-10-27T19:00Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nitrosecurity:nitroview_esm_software:8.4.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:nitrosecurity:nitroview_esm:ns-esm-5205-r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:nitrosecurity:nitroview_esm:ns-esm-x5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:nitrosecurity:nitroview_esm:ns-esm-5750-r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:nitrosecurity:nitroview_esm:ns-esm-5510-r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:33Z"}