NVD Vulnerability Detail

CVE-2020-8887

Summary	Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 have a SQL injection vulnerability allowing an unauthenticated attacker to dump database contents via the page parameter in a page=login request to index.php (aka the server login page).
Publication Date	Sept. 22, 2020, 9:15 p.m.
Registration Date	Jan. 26, 2021, 12:02 p.m.
Last Update	Nov. 21, 2024, 2:39 p.m.

Affected software configurations

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/google/security-research/security/advisories/GHSA-g69r-8jwh-2462		Exploit Third Party Advisory
2	https://github.com/google/security-research/security/advisories/GHSA-g69r-8jwh-2462		Exploit Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-89	SQLインジェクション	https://cwe.mitre.org/data/definitions/89.html

JVN Vulnerability Information

Telestream Tektronix Medius および Sentry における SQL インジェクションの脆弱性

Title	Telestream Tektronix Medius および Sentry における SQL インジェクションの脆弱性
Summary	Telestream Tektronix Medius および Sentry には、SQL インジェクションの脆弱性が存在します。
Possible impacts	情報を取得される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Sept. 17, 2020, midnight
Registration Date	April 8, 2021, 4:52 p.m.
Last Update	April 8, 2021, 4:52 p.m.

Affected System

telestream

Medius 10.7.5 未満

Sentry 10.7.5 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2020-8887	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8887
National Vulnerability Database (NVD)
2	CVE-2020-8887	https://nvd.nist.gov/vuln/detail/CVE-2020-8887

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-89	https://jvndb.jvn.jp/ja/cwe/CWE-89.html

ベンダー情報

No	Name	URL
telestream
1	Medius Application Manager ・ VNM-MED2 Datasheet	https://www.telestream.net/pdfs/datasheets/Medius-Application-Manager-Video-Quality-Monitor-Datasheet-2CW612180.pdf
2	Sentry Software-Based Quality Monitoring Solution	https://www.telestream.net/video/sentry.htm

その他

No	Name	URL
関連文書
1	Telestream: SQL injection in Sentry/Medius	https://github.com/google/security-research/security/advisories/GHSA-g69r-8jwh-2462

Change Log

No	Changed Details	Date of change
1	[2021年04月08日] 掲載	April 8, 2021, 4:52 p.m.