Lucene search

CiscoCVE-2011-1610

HistoryMay 03, 2011 - 10:55 p.m.

CVE-2011-1610

2011-05-0322:55:02

CWE-89

cisco

web.nvd.nist.gov

cve-2011-1610

cisco

unified communications manager

sql injection

xmldirectorylist.jsp

apache http server

security vulnerability

nvd

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

8.5

Confidence

Low

EPSS

0.93

Percentile

99.1%

JSON

Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.

Affected configurations

Nvd

Node

ciscounified_communications_managerMatch6.0

ciscounified_communications_managerMatch6.1\(1\)

ciscounified_communications_managerMatch6.1\(1a\)

ciscounified_communications_managerMatch6.1\(1b\)

ciscounified_communications_managerMatch6.1\(2\)

ciscounified_communications_managerMatch6.1\(2\)su1

ciscounified_communications_managerMatch6.1\(2\)su1a

ciscounified_communications_managerMatch6.1\(3\)

ciscounified_communications_managerMatch6.1\(3a\)

ciscounified_communications_managerMatch6.1\(3b\)

ciscounified_communications_managerMatch6.1\(3b\)su1

ciscounified_communications_managerMatch6.1\(4\)

ciscounified_communications_managerMatch6.1\(4\)su1

ciscounified_communications_managerMatch6.1\(4a\)

ciscounified_communications_managerMatch6.1\(4a\)su2

ciscounified_communications_managerMatch6.1\(5\)

ciscounified_communications_managerMatch6.1\(5\)su1

ciscounified_communications_managerMatch6.1\(5\)su2

Node

ciscounified_communications_managerMatch7.0\(1\)su1

ciscounified_communications_managerMatch7.0\(1\)su1a

ciscounified_communications_managerMatch7.0\(2\)

ciscounified_communications_managerMatch7.0\(2a\)

ciscounified_communications_managerMatch7.0\(2a\)su1

ciscounified_communications_managerMatch7.0\(2a\)su2

ciscounified_communications_managerMatch7.1\(2a\)

ciscounified_communications_managerMatch7.1\(2a\)su1

ciscounified_communications_managerMatch7.1\(2b\)

ciscounified_communications_managerMatch7.1\(2b\)su1

ciscounified_communications_managerMatch7.1\(3\)

ciscounified_communications_managerMatch7.1\(3a\)

ciscounified_communications_managerMatch7.1\(3a\)su1

ciscounified_communications_managerMatch7.1\(3a\)su1a

ciscounified_communications_managerMatch7.1\(3b\)

ciscounified_communications_managerMatch7.1\(3b\)su1

ciscounified_communications_managerMatch7.1\(3b\)su2

ciscounified_communications_managerMatch7.1\(5\)

ciscounified_communications_managerMatch7.1\(5\)su1

ciscounified_communications_managerMatch7.1\(5\)su1a

ciscounified_communications_managerMatch7.1\(5a\)

ciscounified_communications_managerMatch7.1\(5b\)

ciscounified_communications_managerMatch7.1\(5b\)su2

ciscounified_communications_managerMatch7.1\(5b\)su3

Node

ciscounified_communications_managerMatch8.0

ciscounified_communications_managerMatch8.0\(2c\)

ciscounified_communications_managerMatch8.0\(2c\)su1

ciscounified_communications_managerMatch8.0\(3\)

ciscounified_communications_managerMatch8.0\(3a\)

ciscounified_communications_managerMatch8.0\(3a\)su1

VendorProductVersionCPE
ciscounified_communications_manager6.0cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*
ciscounified_communications_manager6.1(1)cpe:2.3:a:cisco:unified_communications_manager:6.1\(1\):*:*:*:*:*:*:*
ciscounified_communications_manager6.1(1a)cpe:2.3:a:cisco:unified_communications_manager:6.1\(1a\):*:*:*:*:*:*:*
ciscounified_communications_manager6.1(1b)cpe:2.3:a:cisco:unified_communications_manager:6.1\(1b\):*:*:*:*:*:*:*
ciscounified_communications_manager6.1(2)cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\):*:*:*:*:*:*:*
ciscounified_communications_manager6.1(2)su1cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\)su1:*:*:*:*:*:*:*
ciscounified_communications_manager6.1(2)su1acpe:2.3:a:cisco:unified_communications_manager:6.1\(2\)su1a:*:*:*:*:*:*:*
ciscounified_communications_manager6.1(3)cpe:2.3:a:cisco:unified_communications_manager:6.1\(3\):*:*:*:*:*:*:*
ciscounified_communications_manager6.1(3a)cpe:2.3:a:cisco:unified_communications_manager:6.1\(3a\):*:*:*:*:*:*:*
ciscounified_communications_manager6.1(3b)cpe:2.3:a:cisco:unified_communications_manager:6.1\(3b\):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_communications_manager	6.0	cpe:2.3:a:cisco:unified_communications_manager:6.0:::::::*
cisco	unified_communications_manager	6.1(1)	cpe:2.3:a:cisco:unified_communications_manager:6.1\(1\):::::::*
cisco	unified_communications_manager	6.1(1a)	cpe:2.3:a:cisco:unified_communications_manager:6.1\(1a\):::::::*
cisco	unified_communications_manager	6.1(1b)	cpe:2.3:a:cisco:unified_communications_manager:6.1\(1b\):::::::*
cisco	unified_communications_manager	6.1(2)	cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\):::::::*
cisco	unified_communications_manager	6.1(2)su1	cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\)su1:::::::*
cisco	unified_communications_manager	6.1(2)su1a	cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\)su1a:::::::*
cisco	unified_communications_manager	6.1(3)	cpe:2.3:a:cisco:unified_communications_manager:6.1\(3\):::::::*
cisco	unified_communications_manager	6.1(3a)	cpe:2.3:a:cisco:unified_communications_manager:6.1\(3a\):::::::*
cisco	unified_communications_manager	6.1(3b)	cpe:2.3:a:cisco:unified_communications_manager:6.1\(3b\):::::::*