CVE-2010-1904 – RSA Key Manager 1.5.x SQL Injection

https://notcve.org/view.php?id=CVE-2010-1904

SQL injection vulnerability in EMC RSA Key Manager (RKM) C Client 1.5.x allows user-assisted remote attackers to execute arbitrary SQL commands via the metadata section of encrypted key data. Una vulnerabilidad de inyección SQL en EMC RSA Key Manager Client v1.5.x permite ejecutar comandos SQL a atacantes remotos ayudados por un usuario local a través de la sección metadata de los datos de una clave cifrada. RSA Key Manager version 1.5.x suffers from a remote SQL injection vulnerability. • http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0078.html http://seclists.org/bugtraq/2011/Jan/138 http://secunia.com/advisories/43057 http://www.securityfocus.com/archive/1/511654/100/0/threaded http://www.securityfocus.com/bid/40553 http://www.securitytracker.com/id?1024059 http://www.securitytracker.com/id?1024989 http://www.vupen.com/english/advisories/2011/0206 https://exchange.xforce.ibmcloud.com/vulnerabilities/59133 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •