Executive Summary

Informations
NameCVE-2011-4487First vendor Publication2012-02-29
VendorCveLast vendor Modification2012-03-05

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score6.8Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4487

CWE : Common Weakness Enumeration

idName
CWE-89Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application4
Application7
Application9
Application70
Hardware1
Hardware1
Hardware1

Internal Sources (Detail)

SourceUrl
CISCOhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa...

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2013-05-10 23:10:55
  • Multiple Updates