CVE-2011-0960

2011-05-2022:55:02

CWE-89

[email protected]

web.nvd.nist.gov

cisco

unified operations manager

cuom

sql injection

remote attackers

arbitrary commands

bug id

csctn61716

security vulnerability

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.0%

JSON

Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716.

Affected configurations

NVD

Node

ciscounified_operations_managerRange≤8.5

ciscounified_operations_managerMatch1.1

ciscounified_operations_managerMatch2.0

ciscounified_operations_managerMatch2.0.1

ciscounified_operations_managerMatch2.0.2

ciscounified_operations_managerMatch2.0.3

ciscounified_operations_managerMatch2.1

ciscounified_operations_managerMatch2.2

ciscounified_operations_managerMatch2.3

ciscounified_operations_managerMatch8.0

CPENameOperatorVersion
cisco:unified_operations_managercisco unified operations managerle8.5
cisco:unified_operations_managercisco unified operations managereq1.1
cisco:unified_operations_managercisco unified operations managereq2.0
cisco:unified_operations_managercisco unified operations managereq2.0.1
cisco:unified_operations_managercisco unified operations managereq2.0.2
cisco:unified_operations_managercisco unified operations managereq2.0.3
cisco:unified_operations_managercisco unified operations managereq2.1
cisco:unified_operations_managercisco unified operations managereq2.2
cisco:unified_operations_managercisco unified operations managereq2.3
cisco:unified_operations_managercisco unified operations managereq8.0

CPE	Name	Operator	Version
cisco:unified_operations_manager	cisco unified operations manager	le	8.5
cisco:unified_operations_manager	cisco unified operations manager	eq	1.1
cisco:unified_operations_manager	cisco unified operations manager	eq	2.0
cisco:unified_operations_manager	cisco unified operations manager	eq	2.0.1
cisco:unified_operations_manager	cisco unified operations manager	eq	2.0.2
cisco:unified_operations_manager	cisco unified operations manager	eq	2.0.3
cisco:unified_operations_manager	cisco unified operations manager	eq	2.1
cisco:unified_operations_manager	cisco unified operations manager	eq	2.2
cisco:unified_operations_manager	cisco unified operations manager	eq	2.3
cisco:unified_operations_manager	cisco unified operations manager	eq	8.0