SQL Injection in Redhat Enterprise_mrg

CVE-2013-4461

SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table operator."

Vulnerability class: SQL Injection

EPSS: 0.004 (59.8th percentile) — read the EPSS interpretation.

Affected products

Redhat Enterprise_mrg — versions 2.4
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

secalert@redhat.com (x_refsource_CONFIRM)
RHSA-2013:1851 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2013:1852 (x_refsource_REDHAT, vendor-advisory)