Vulnerability Details CVE-2021-28969
eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort_by parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3. NOTE: this is different from CVE-2020-25034 and affects newer versions of the software.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.1%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
Products affected by CVE-2021-28969
-
cpe:2.3:a:fireeye:email_malware_protection_system:9.0.1.923211
-
cpe:2.3:h:fireeye:ex_3500:-