Multiple SQL Injection Vulnerabilities in CA Total Defense by CA Technologies
CVE-2011-1653

Currently unrated

Key Information:

Vendor

Broadcom
Status
Total Defense
Vendor
CVE Published:
18 April 2011

What is CVE-2011-1653?

The CA Total Defense product suite is impacted by multiple SQL injection vulnerabilities present in the Unified Network Control (UNC) Server. These vulnerabilities allow remote attackers to execute arbitrary SQL commands through specific stored procedures such as UnAssignFunctionalRoles, UnassignAdminRoles, DeleteFilter, NonAssignedUserList, DeleteReportLayout, DeleteReports, and RegenerateReport. Exploiting these vulnerabilities poses a significant risk to data integrity and system availability.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/66725
vdb-entryx_refsource_XF
http://www.zerodayinitiative.com/advisories/ZDI-11-128/
x_refsource_MISC
http://secunia.com/advisories/44097
third-party-advisoryx_refsource_SECUNIA

EPSS Score

74% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.