Lucene search

[email protected]CVE-2007-4634

HistoryAug 31, 2007 - 11:17 p.m.

CVE-2007-4634

2007-08-3123:17:00

CWE-89

[email protected]

web.nvd.nist.gov

cisco

callmanager

unified communications manager

sql injection

vulnerability

remote attackers

nvd

cve-2007-4634

9.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

61.6%

JSON

Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, aka CSCsi64265.

CPENameOperatorVersion
cisco:call_managercisco call managereq4.2\(2\)
cisco:unified_communications_managercisco unified communications managereq3.3\(5\)
cisco:call_managercisco call managereq3.3\(5\)sr2
cisco:call_managercisco call managereq4.3\(1\)
cisco:unified_communications_managercisco unified communications managereq4.1\(3\)sr1
cisco:call_managercisco call managereq4.1\(3\)sr1
cisco:call_managercisco call managereq4.1
cisco:call_managercisco call managereq3.3\(5\)sr2a
cisco:unified_communications_managercisco unified communications managereq4.2.3sr1
cisco:unified_communications_managercisco unified communications managereq4.1\(3\)sr2

CPE	Name	Operator	Version
cisco:call_manager	cisco call manager	eq	4.2\(2\)
cisco:unified_communications_manager	cisco unified communications manager	eq	3.3\(5\)
cisco:call_manager	cisco call manager	eq	3.3\(5\)sr2
cisco:call_manager	cisco call manager	eq	4.3\(1\)
cisco:unified_communications_manager	cisco unified communications manager	eq	4.1\(3\)sr1
cisco:call_manager	cisco call manager	eq	4.1\(3\)sr1
cisco:call_manager	cisco call manager	eq	4.1
cisco:call_manager	cisco call manager	eq	3.3\(5\)sr2a
cisco:unified_communications_manager	cisco unified communications manager	eq	4.2.3sr1
cisco:unified_communications_manager	cisco unified communications manager	eq	4.1\(3\)sr2

Rows per page:

1-10 of 311

References

secunia.com/advisories/26641

securitytracker.com/id?1018624

www.cisco.com/en/US/products/products_security_advisory09186a00808ae327.shtml

www.securityfocus.com/bid/25480

www.vupen.com/english/advisories/2007/3010

exchange.xforce.ibmcloud.com/vulnerabilities/36326

9.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

61.6%

JSON

Related for CVE-2007-4634

cvelist1 prion1