Multiple SQL Injection Vulnerabilities in Cisco Unified Operations Manager
CVE-2011-0960
Currently unrated
Summary
Cisco Unified Operations Manager prior to version 8.6 is susceptible to multiple SQL injection vulnerabilities. These flaws enable remote attackers to execute arbitrary SQL commands by manipulating specific parameters in web requests. Attackers could exploit the 'CCMs' parameter in iptm/PRTestCreation.do or the 'ccm' parameter in iptm/TelePresenceReportAction.do, leading to unauthorized access to the database and potential compromise of sensitive data. Prompt updating to a secure version is advised to mitigate this risk.
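A log check for the two requests named above, as an added example that is not from Cisco or the original advisory: it flags access-log entries for either endpoint whose 'CCMs' or 'ccm' value carries SQL metacharacters. The combined log format, the sample lines and the metacharacter heuristic are assumptions constructed for illustration; parameters sent in a POST body do not appear in such logs.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint -> parameter, exactly as named in the summary.
WATCHED = {
    "iptm/PRTestCreation.do": "CCMs",
    "iptm/TelePresenceReportAction.do": "ccm",
}
# Assumed heuristic: quote/comment characters and common SQL keywords.
SQL_META = re.compile(
    r"['\";]|--|/\*|\b(?:union|select|insert|update|delete|drop)\b", re.I)
# Request line of a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def suspicious_requests(log_lines):
    """Return (line_no, endpoint, param, decoded_value) for flagged requests."""
    hits = []
    for no, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        for endpoint, param in WATCHED.items():
            if not url.path.endswith("/" + endpoint):
                continue
            values = parse_qs(url.query, keep_blank_values=True).get(param, [])
            for value in values:
                # parse_qs decodes once; a second pass catches double-encoding.
                decoded = unquote(value)
                if SQL_META.search(decoded):
                    hits.append((no, endpoint, param, decoded))
    return hits

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /iptm/PRTestCreation.do?CCMs=cluster1 HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /iptm/PRTestCreation.do?CCMs=x%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 87',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /iptm/TelePresenceReportAction.do?ccm=1%2527-- HTTP/1.1" 500 87',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /iptm/TelePresenceReportAction.do?other=a%27b HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Hits are leads for review rather than proof of exploitation, since the legitimate value format of these parameters is not stated in the advisory.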