Rule General Information |
---|
Release Date: | 2020-09-13 | |
Rule Name: | Cisco Unified Communications Manager xmldirectorylist.jsp SQL Injection Attempt Vulnerability (CVE-2011-1609) | |
Severity: | High | |
CVE ID: | CVE-2011-1609 | |
Rule Protection Details |
---|
Description: | SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647. | |
Impact: | An attacker who successfully exploits the vulnerability can inject arbitrary SQL commands to view or change the target's database. | |
Affected OS: | Windows, Linux, Others | |
Reference: | SecurityFocus BID: 47605; http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html; http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml; SecurityTracker ID: 1025449 |
|
Solutions |
---|
The vendor has released upgrade patches to fix the vulnerability. Please visit: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml |