CVE-2011-1653

Currently unrated

Key Information:

Vendor: Broadcom
Status: Total Defense
Vendor: CVE Published:; 18 April 2011

Summary

Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5) DeleteReportLayout, (6) DeleteReports, and (7) RegenerateReport stored procedures.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/66725

vdb-entryx_refsource_XF

http://www.zerodayinitiative.com/advisories/ZDI-11-128/

x_refsource_MISC

http://secunia.com/advisories/44097

third-party-advisoryx_refsource_SECUNIA

EPSS Score

96% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 18, 2011
Vulnerability Reserved
Apr 6, 2011