Advisories ยป MGASA-2015-0001

Updated openvas-manager packages fix security vulnerability

Publication date: 05 Jan 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-9220


Updated openvas-manager packages fixes security vulnerability:

It has been identified that OpenVAS Manager before 4.0.6 is vulnerable to sql
injections due to a improper handling of the timezone parameter in
modify_schedule OMP command. It has been identified that this vulnerability
may allow read-access via sql for authorized user account which have
permission to modify schedule objects (CVE-2014-9220).