CVE-2011-4487Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2011-4487 | First vendor Publication | 2012-02-29 |
| Vendor | Cve | Last vendor Modification | 2012-03-05 |
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 6.8 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentification | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4487 |
CWE : Common Weakness Enumeration
| id | Name |
|---|---|
| CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') |
CPE : Common Platform Enumeration
Internal Sources (Detail)
| Source | Url |
|---|---|
| CISCO | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa... |
Alert History
| Date | Informations |
|---|---|
| 2013-05-10 23:10:55 |
|
(High)
