CVE-2011-1903

EUVD-2011-1901
SQL injection vulnerability in an unspecified function in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Affected Products (NVD)
VendorProductVersion
proofpointmessaging_security_gateway
𝑥
≤ 6.2.0.263\:6.2.0.237
proofpointprotection_server
5.5.3
proofpointprotection_server
5.5.4
proofpointprotection_server
5.5.5
proofpointprotection_server
6.0.2
proofpointprotection_server
6.1.1
proofpointprotection_server
6.2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php
http://www.kb.cert.org/vuls/id/790980
https://support.proofpoint.com/article.cgi?article_id=338413
http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php
http://www.kb.cert.org/vuls/id/790980
https://support.proofpoint.com/article.cgi?article_id=338413