HPE.Vertica.ValidateAdminConfig.Command.Injection
Description
This indicates an attack attempt to exploit a Command Injection vulnerability in HP Enterprise Vertica.
The vulnerability is caused by an improper validation of user supplied data when the vulnerable application handles a maliciously crafted request. An attacker can exploit this to execute arbitrary commands in the context of the vulnerable application via a crafted request.
Affected Products
HPE Vertica 7.0.x prior to 7.0.2.12
HPE Vertica 7.1.x prior to 7.1.2-12
HPE Vertica 7.2.x prior to 7.2.2-1
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c05085303
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2020-11-09 | 16.958 | Name:HP. Enterprise. Vertica. ValidateAdminConfig. Command. Injection:HPE. Vertica. ValidateAdminConfig. Command. Injection |
2019-06-10 | 14.629 | Severity:high:critical |