CVE-2009-5135 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:N/A:N
ibm	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 94%

Vendor	Product	Version
nextapp	echo	𝑥 ≤ 2.1.0
nextapp	echo	2.0:alpha1
nextapp	echo	2.0:alpha10
nextapp	echo	2.0:alpha11
nextapp	echo	2.0:alpha12
nextapp	echo	2.0:alpha13
nextapp	echo	2.0:alpha14
nextapp	echo	2.0:alpha15
nextapp	echo	2.0:alpha16
nextapp	echo	2.0:alpha2
nextapp	echo	2.0:alpha3
nextapp	echo	2.0:alpha4
nextapp	echo	2.0:alpha5
nextapp	echo	2.0:alpha6
nextapp	echo	2.0:alpha7
nextapp	echo	2.0:alpha8
nextapp	echo	2.0:alpha9
nextapp	echo	2.0:beta1
nextapp	echo	2.0:beta2
nextapp	echo	2.0:beta3
nextapp	echo	2.0:beta4
nextapp	echo	2.0:rc1
nextapp	echo	2.0:rc2
nextapp	echo	2.0:rc3
nextapp	echo	2.0:rc4
nextapp	echo	2.0:rc5
nextapp	echo	2.0:rc6
nextapp	echo	2.0:rc7
nextapp	echo	2.0.1:test1
nextapp	echo	2.0.1:test2
nextapp	echo	2.0.1:test3
nextapp	echo	2.1.0:beta1
nextapp	echo	2.1.0:beta2
nextapp	echo	2.1.0:beta3
nextapp	echo	2.1.0:beta4
nextapp	echo	2.1.0:beta5
nextapp	echo	2.1.0:rc1
nextapp	echo	2.1.0:rc2
nextapp	echo	2.1.0:rc3
nextapp	echo	2.1.0:rc4
nextapp	echo	3.0:beta1
nextapp	echo	3.0:beta2
nextapp	echo	3.0:beta3
nextapp	echo	3.0:beta4
nextapp	echo	3.0:beta5

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://echo.nextapp.com/site/node/5742

http://secunia.com/advisories/34218

http://www.exploit-db.com/exploits/8191/

http://www.securityfocus.com/archive/1/501637/100/0/threaded

http://www.vupen.com/english/advisories/2009/0653

https://exchange.xforce.ibmcloud.com/vulnerabilities/49167

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20090305-0_echo_nextapp_xml_injection.txt

http://echo.nextapp.com/site/node/5742

http://secunia.com/advisories/34218

http://www.exploit-db.com/exploits/8191/

http://www.securityfocus.com/archive/1/501637/100/0/threaded

http://www.vupen.com/english/advisories/2009/0653

https://exchange.xforce.ibmcloud.com/vulnerabilities/49167

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20090305-0_echo_nextapp_xml_injection.txt