CVE-2011-1610

Sažetak

Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html
http://secunia.com/advisories/44331
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml
http://www.securityfocus.com/archive/1/517727/100/0/threaded
http://www.securityfocus.com/bid/47607
http://www.securitytracker.com/id?1025449
http://www.vupen.com/english/advisories/2011/1122
http://zerodayinitiative.com/advisories/ZDI-11-143/
https://exchange.xforce.ibmcloud.com/vulnerabilities/67126

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

09-10-2018 - 19:31

Objavljeno

03-05-2011 - 22:55