CVE-2011-1609 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	8.5 UNKNOWN	NETWORK	MEDIUM	AV:N/AC:M/Au:S/C:C/I:C/A:C
cisco	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 83%

Vendor	Product	Version
cisco	unified_communications_manager	6.0
cisco	unified_communications_manager	6.1\(1\)
cisco	unified_communications_manager	6.1\(1a\)
cisco	unified_communications_manager	6.1\(1b\)
cisco	unified_communications_manager	6.1\(2\)
cisco	unified_communications_manager	6.1\(2\)su1
cisco	unified_communications_manager	6.1\(2\)su1a
cisco	unified_communications_manager	6.1\(3\)
cisco	unified_communications_manager	6.1\(3a\)
cisco	unified_communications_manager	6.1\(3b\)
cisco	unified_communications_manager	6.1\(3b\)su1
cisco	unified_communications_manager	6.1\(4\)
cisco	unified_communications_manager	6.1\(4\)su1
cisco	unified_communications_manager	6.1\(4a\)
cisco	unified_communications_manager	6.1\(4a\)su2
cisco	unified_communications_manager	6.1\(5\)
cisco	unified_communications_manager	6.1\(5\)su1
cisco	unified_communications_manager	7.0\(1\)su1
cisco	unified_communications_manager	7.0\(1\)su1a
cisco	unified_communications_manager	7.0\(2\)
cisco	unified_communications_manager	7.0\(2a\)
cisco	unified_communications_manager	7.0\(2a\)su1
cisco	unified_communications_manager	7.0\(2a\)su2
cisco	unified_communications_manager	7.1\(2a\)
cisco	unified_communications_manager	7.1\(2a\)su1
cisco	unified_communications_manager	7.1\(2b\)
cisco	unified_communications_manager	7.1\(3\)
cisco	unified_communications_manager	7.1\(3a\)
cisco	unified_communications_manager	7.1\(3a\)su1
cisco	unified_communications_manager	7.1\(3a\)su1a
cisco	unified_communications_manager	7.1\(3b\)
cisco	unified_communications_manager	7.1\(3b\)su1
cisco	unified_communications_manager	7.1\(3b\)su2
cisco	unified_communications_manager	7.1\(5\)
cisco	unified_communications_manager	7.1\(5\)su1
cisco	unified_communications_manager	7.1\(5\)su1a
cisco	unified_communications_manager	7.1\(5a\)
cisco	unified_communications_manager	7.1\(5b\)
cisco	unified_communications_manager	8.0\(2c\)
cisco	unified_communications_manager	8.0\(2c\)su1
cisco	unified_communications_manager	8.0\(3\)
cisco	unified_communications_manager	8.0\(3a\)
cisco	unified_communications_manager	8.0\(3a\)su1
cisco	unified_communications_manager	8.0\(3a\)su2
cisco	unified_communications_manager	8.5

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

References

http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html

http://secunia.com/advisories/44331

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml

http://www.securityfocus.com/bid/47605

http://www.securitytracker.com/id?1025449

http://www.vupen.com/english/advisories/2011/1122

https://exchange.xforce.ibmcloud.com/vulnerabilities/67125

http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html

http://secunia.com/advisories/44331

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml

http://www.securityfocus.com/bid/47605

http://www.securitytracker.com/id?1025449

http://www.vupen.com/english/advisories/2011/1122

https://exchange.xforce.ibmcloud.com/vulnerabilities/67125