Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:28116
HistoryJun 03, 2012 - 12:00 a.m.

DDIVRT-2012-43 SCLIntra Enterprise SQL Injection and Authentication Bypass

2012-06-0300:00:00
vulners.com
59

Title

DDIVRT-2012-43 SCLIntra Enterprise SQL Injection and Authentication Bypass

Severity

High

Date Discovered

April 2, 2012

Discovered By

Digital Defense, Inc. Vulnerability Research Team
Credit: r@b13$

Vulnerability Description

Multiple SQL injection vectors and an authentication bypass were discovered in SCLIntra Enterprise. An attacker can leverage this flaw to bypass authentication to the application or to execute arbitrary SQL commands and extract information from the backend database using standard SQL exploitation techniques.

Solution Description

The vendor has indicated that the current version of SCLIntra Enterprise is version 6 and does not contain the vulnerabilities reported by DDI. Any SCLIntra Enterprise customers still using versions prior to 6 should contact SCLogic at 1.888.700.7027 to remedy the vulnerabilities (a current SCLogic support contract is required).

Tested Systems / Software

SCLogic SCLIntra Enterprise 5.5.2 on Windows 2003

Vendor Contact

Vendor Name: SCLogic
Vendor Website: http://www.sclogic.com/