CVE-2010-0139

2010-01-2820:30:00

CWE-89

[email protected]

web.nvd.nist.gov

cisco

unified meetingplace

cve-2010-0139

sql injection

remote attack

7.5 High

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:P/A:C

0.003 Low

EPSS

Percentile

70.3%

JSON

Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.2, and possibly 5 does not properly validate SQL commands, which allows remote attackers to create, modify, or delete data in a database via unspecified vectors, aka Bug ID CSCtc39691.

CPENameOperatorVersion
cisco:unified_meetingplacecisco unified meetingplaceeq6.0.244
cisco:unified_meetingplacecisco unified meetingplaceeq7.0
cisco:unified_meetingplacecisco unified meetingplaceeq7.0.1
cisco:unified_meetingplacecisco unified meetingplaceeq6.0.170.0
cisco:unified_meetingplacecisco unified meetingplaceeq5.0
cisco:unified_meetingplacecisco unified meetingplaceeq7.0.2
cisco:unified_meetingplacecisco unified meetingplaceeq5
cisco:unified_meetingplacecisco unified meetingplaceeq6.0

CPE	Name	Operator	Version
cisco:unified_meetingplace	cisco unified meetingplace	eq	6.0.244
cisco:unified_meetingplace	cisco unified meetingplace	eq	7.0
cisco:unified_meetingplace	cisco unified meetingplace	eq	7.0.1
cisco:unified_meetingplace	cisco unified meetingplace	eq	6.0.170.0
cisco:unified_meetingplace	cisco unified meetingplace	eq	5.0
cisco:unified_meetingplace	cisco unified meetingplace	eq	7.0.2
cisco:unified_meetingplace	cisco unified meetingplace	eq	5
cisco:unified_meetingplace	cisco unified meetingplace	eq	6.0