Check Point Reference: | CPAI-2012-214 |
Date Published: | 14 May 2012 |
Severity: | Critical |
Last Updated: | Monday 25 November, 2024 |
Source: | CVE-2012-0199 |
Protection Provided by: |
Security Gateway |
Who is Vulnerable? | IBM Tivoli Provisioning Manager Express for Software Distribution V4.1.x and prior |
Vulnerability Description | An SQL injection vulnerability has been reported in IBM Tivoli Provisioning Manager Express. |
Vulnerability Details | The vulnerability is due to insufficient input sanitation in a certain function when processing specially crafted HTTP requests. A remote attacker may exploit this issue by sending a specially crafted HTTP request to an affected server. Successful exploitation could allow an attacker to upload files to the server and execute code on the target server. |
This protection will detect and block malicious http requests.
In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.
SmartView Tracker will log the following entries:
Attack Name: IBM Tivoli Enforcement Violation
Attack Information: IBM Tivoli Provisioning Manager Express Asset.getMimeType SQL Injection