IBM Security Bulletin: Open Source Cacti vulnerability affects IBM Platform RTM (CVE-2016-3172, CVE-2016-3659)

Cacti is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the tree.php script using the parent_id parameter, which could allow the attacker to view, add, modify or delete information in the back-end database. A remote attacker could send specially-crafted SQL statements to the graph_view.php script, which could allow the attacker to view, add, modify or delete information in the back-end database.
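A defender-side check for the tree.php issue described above, as an added example that is not part of the IBM bulletin or of Cacti's code: it scans web access logs for `parent_id` values that are not plain integers. The integer-only expectation for `parent_id`, the `/cacti/` path, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [20/Jun/2016:10:01:02 +0000] "GET /cacti/tree.php?parent_id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [20/Jun/2016:10:03:40 +0000] "GET /cacti/tree.php?parent_id=7%27 HTTP/1.1" 200 734 "-" "curl/7.47"
192.0.2.44 - - [20/Jun/2016:10:03:41 +0000] "GET /cacti/tree.php?parent_id=7+OR+1%3D1 HTTP/1.1" 200 9911 "-" "curl/7.47"
192.0.2.10 - - [20/Jun/2016:10:05:00 +0000] "GET /cacti/graph_view.php HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
"""

# Client address, then the quoted request line of a common/combined log entry.
REQUEST_RE = re.compile(r'^(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Assumption: a legitimate parent_id is a decimal integer identifier.
INTEGER_RE = re.compile(r"[0-9]+")


def suspicious_parent_id(log_text):
    """Return (line_number, client, decoded_value) for each request to
    tree.php whose parent_id parameter is not a plain integer."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a parseable request line
        url = urlsplit(match.group("target"))
        if not url.path.endswith("/tree.php"):
            continue  # only the script and parameter named in the bulletin
        # parse_qs URL-decodes values and keeps repeated parameters as a list,
        # so a second parent_id appended to the query is checked as well.
        for value in parse_qs(url.query).get("parent_id", []):
            if not INTEGER_RE.fullmatch(value):
                findings.append((lineno, match.group("client"), value))
    return findings


if __name__ == "__main__":
    for lineno, client, value in suspicious_parent_id(SAMPLE_LOG):
        print(f"line {lineno}: {client} sent parent_id={value!r}")
```

Only query-string parameters appear in access logs, so values sent in a POST body need request-body logging or a WAF rule to be seen.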

CVE(s): CVE-2016-3172, CVE-2016-3659

Affected product(s) and affected version(s):

IBM Platform RTM 8.3, 9.1.x

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/28Lw1Kz
X-Force Database: http://ift.tt/28KX6Ka
X-Force Database: http://ift.tt/28Lw3Cg



from IBM Product Security Incident Response Team http://ift.tt/28KX8So