| Vulnerability Name: | CVE-2012-0337 (CCN-75407) | ||||||||
| Assigned: | 2012-01-04 | ||||||||
| Published: | 2012-01-04 | ||||||||
| Updated: | 2012-05-11 | ||||||||
| Summary: | SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtx08939. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P) 4.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-89 | ||||||||
| Vulnerability Consequences: | Data Manipulation | ||||||||
| References: | Source: MITRE Type: CNA CVE-2012-0337 Source: CCN Type: SA49104 Cisco Unified MeetingPlace Cross-Site Scripting and SQL Injection Vulnerabilities Source: CCN Type: SA51103 Cisco Unified MeetingPlace Web Conferencing SQL Injection and Denial of Service Vulnerabilities Source: CCN Type: cisco-sa-20121031-mp Multiple Vulnerabilities in Cisco Unified MeetingPlace Web Conferencing Source: CCN Type: Cisco Web site Release Notes for Cisco Unified MeetingPlace Release 7.1 Source: CONFIRM Type: UNKNOWN http://www.cisco.com/en/US/docs/voice_ip_comm/meetingplace/7_1/english/release_notes/mp71rn.html Source: CCN Type: OSVDB ID: 81761 Cisco Unified MeetingPlace Unspecified XSS Source: CCN Type: OSVDB ID: 81762 Cisco Unified MeetingPlace Unspecified SQL Injection Source: CCN Type: BID-53431 Cisco Unified MeetingPlace SQL Injection and Cross Site Scripting Vulnerabilities Source: XF Type: UNKNOWN cisco-meetingplace-web-sql-injection(75407) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||