N/A

Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) user parameter to /api/management/findfilterlist; the (2) user or (3) filter parameter to /api/audit/findmetawatcher; the (4) user parameter to /api/audit/findmetaalert; the (5) user parameter to /api/management/ds; the (6) user or (7) filter parameter to /api/audit/findmetarunalert; the (7) user parameter to /api/management/findtimeview; the (8) user, (9) filter or (10) target parameter to /api/management/getihmsettings; the (11) user or (12) filter parameter to /api/management/elementstype; the (14) login, (15) user, (16) is_local, (17) is_ldap, or (18) is_openid parameter to /api/user/addalias; the (19) role parameter to /api/user/addrole; the (20) user or (21) filter parameter to /api/management/addtimeview; the (22) TIMEAGO, (23) IDENTIFIER, (24) USER, (25) NAME, or (26) COST parameter to /api/management/addtagcosts; the (27) USER, or (28) VM_COST parameter to /api/management/updategenericcpucost; the (29) VM, (30) HOST, or (31) STORAGE parameter to /api/management/updatecostinfo; the (32) user, (33) filter, or (34) timeago parameter to /api/management/addfilter; the (35) user parameter to /api/report/getreporthistory.

N/A

N/A

EasyVirt DC Scope和EasyVirt CO2 Scope 安全漏洞

EasyVirt DC Scope和EasyVirt CO2 Scope都是法国EasyVirt公司的产品。EasyVirt DC Scope是一个适用于 VMware 虚拟化 VMware 的监控和管理解决方案。EasyVirt CO2 Scope是一种实时监控 IT 服务、虚拟机和服务器的 CO2 排放的解决方案。 EasyVirt DC Scope 8.6.0及之前版本和EasyVirt CO2 Scope 1.3.0及之前版本存在安全漏洞，该漏洞源于容易受到SQL注入攻击。

N/A

N/A