CVE-2007-4634

Sažetak

Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, aka CSCsi64265.

Reference

http://secunia.com/advisories/26641
http://securitytracker.com/id?1018624
http://www.cisco.com/en/US/products/products_security_advisory09186a00808ae327.shtml
http://www.securityfocus.com/bid/25480
http://www.vupen.com/english/advisories/2007/3010
https://exchange.xforce.ibmcloud.com/vulnerabilities/36326

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

29-07-2017 - 01:33

Objavljeno

31-08-2007 - 23:17