SQL Injection in Management Center for Cisco Security Agents
CVE-2010-0147

Currently unrated

Key Information:

Vendor: Cisco
Status: Security Agent
Vendor: CVE Published:; 23 February 2010

Summary

A SQL injection vulnerability exists in the Management Center for Cisco Security Agents, allowing remote authenticated users to execute arbitrary SQL commands through various unspecified vectors. This flaw affects specific versions of the product, enabling potential manipulation of the database and unauthorized data access.

References

http://secunia.com/advisories/38619

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/62444

vdb-entryx_refsource_OSVDB

http://www.vupen.com/english/advisories/2010/0416

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Feb 23, 2010
Vulnerability Reserved
Jan 4, 2010