CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-4858

Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCentre Crew products 2010.2.12.20008 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 64.2%

CVSS Severity

CVSS v2 Score 7.5

References

Products affected by CVE-2014-4858

Sabreairlinesolutions » Crew Management » Version: 2010.2.12.20008

cpe:2.3:a:sabreairlinesolutions:crew_management:2010.2.12.20008
Sabreairlinesolutions » Crew Operations » Version: 2010.2.12.20008

cpe:2.3:a:sabreairlinesolutions:crew_operations:2010.2.12.20008
Sabreairlinesolutions » Crew Planning » Version: 2010.2.12.20008

cpe:2.3:a:sabreairlinesolutions:crew_planning:2010.2.12.20008
Sabreairlinesolutions » Crew Services » Version: 2010.2.12.20008

cpe:2.3:a:sabreairlinesolutions:crew_services:2010.2.12.20008
Sabreairlinesolutions » Crew Training » Version: 2010.2.12.20008

cpe:2.3:a:sabreairlinesolutions:crew_training:2010.2.12.20008

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-4858

Products

Pricing

Contact Us