Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2011-0960
Last Modified: 24 May 2011 12:00:00
Published: 20 May 2011 06:55:02
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-0960

Summary

Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716.

Vulnerable Systems

Application

  • Cisco Unified Operations Manager 1.1

  • Cisco Unified Operations Manager 2.0

  • Cisco Unified Operations Manager 2.0.1

  • Cisco Unified Operations Manager 2.0.2

  • Cisco Unified Operations Manager 2.0.3

  • Cisco Unified Operations Manager 2.1

  • Cisco Unified Operations Manager 2.2

  • Cisco Unified Operations Manager 2.3

  • Cisco Unified Operations Manager 8.0

  • Cisco Unified Operations Manager 8.5


References

XF - cuom-prtestcreation-sql-injection(67522)

MISC - http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf

BID - 47898

EXPLOIT-DB - 17304

CONFIRM - http://tools.cisco.com/security/center/viewAlert.x?alertId=23086

FULLDISC - 20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006


Last Updated: 27 May 2016 10:56:06