CVE-2011-1610

Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:N
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
VendorProductVersion
ciscounified_communications_manager
6.0
ciscounified_communications_manager
6.1\(1\)
ciscounified_communications_manager
6.1\(1a\)
ciscounified_communications_manager
6.1\(1b\)
ciscounified_communications_manager
6.1\(2\)
ciscounified_communications_manager
6.1\(2\)su1
ciscounified_communications_manager
6.1\(2\)su1a
ciscounified_communications_manager
6.1\(3\)
ciscounified_communications_manager
6.1\(3a\)
ciscounified_communications_manager
6.1\(3b\)
ciscounified_communications_manager
6.1\(3b\)su1
ciscounified_communications_manager
6.1\(4\)
ciscounified_communications_manager
6.1\(4\)su1
ciscounified_communications_manager
6.1\(4a\)
ciscounified_communications_manager
6.1\(4a\)su2
ciscounified_communications_manager
6.1\(5\)
ciscounified_communications_manager
6.1\(5\)su1
ciscounified_communications_manager
6.1\(5\)su2
ciscounified_communications_manager
7.0\(1\)su1
ciscounified_communications_manager
7.0\(1\)su1a
ciscounified_communications_manager
7.0\(2\)
ciscounified_communications_manager
7.0\(2a\)
ciscounified_communications_manager
7.0\(2a\)su1
ciscounified_communications_manager
7.0\(2a\)su2
ciscounified_communications_manager
7.1\(2a\)
ciscounified_communications_manager
7.1\(2a\)su1
ciscounified_communications_manager
7.1\(2b\)
ciscounified_communications_manager
7.1\(2b\)su1
ciscounified_communications_manager
7.1\(3\)
ciscounified_communications_manager
7.1\(3a\)
ciscounified_communications_manager
7.1\(3a\)su1
ciscounified_communications_manager
7.1\(3a\)su1a
ciscounified_communications_manager
7.1\(3b\)
ciscounified_communications_manager
7.1\(3b\)su1
ciscounified_communications_manager
7.1\(3b\)su2
ciscounified_communications_manager
7.1\(5\)
ciscounified_communications_manager
7.1\(5\)su1
ciscounified_communications_manager
7.1\(5\)su1a
ciscounified_communications_manager
7.1\(5a\)
ciscounified_communications_manager
7.1\(5b\)
ciscounified_communications_manager
7.1\(5b\)su2
ciscounified_communications_manager
7.1\(5b\)su3
ciscounified_communications_manager
8.0
ciscounified_communications_manager
8.0\(2c\)
ciscounified_communications_manager
8.0\(2c\)su1
ciscounified_communications_manager
8.0\(3\)
ciscounified_communications_manager
8.0\(3a\)
ciscounified_communications_manager
8.0\(3a\)su1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html
http://secunia.com/advisories/44331
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml
http://www.securityfocus.com/archive/1/517727/100/0/threaded
http://www.securityfocus.com/bid/47607
http://www.securitytracker.com/id?1025449
http://www.vupen.com/english/advisories/2011/1122
http://zerodayinitiative.com/advisories/ZDI-11-143/
https://exchange.xforce.ibmcloud.com/vulnerabilities/67126
http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html
http://secunia.com/advisories/44331
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml
http://www.securityfocus.com/archive/1/517727/100/0/threaded
http://www.securityfocus.com/bid/47607
http://www.securitytracker.com/id?1025449
http://www.vupen.com/english/advisories/2011/1122
http://zerodayinitiative.com/advisories/ZDI-11-143/
https://exchange.xforce.ibmcloud.com/vulnerabilities/67126