Описание
Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716.
Ссылки
- Exploit
- Vendor Advisory
- Exploit
- ExploitURL Repurposed
- Exploit
- Vendor Advisory
- Exploit
- ExploitURL Repurposed
Уязвимые конфигурации
Конфигурация 1Версия до 8.5 (включая)
Одно из
cpe:2.3:a:cisco:unified_operations_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_operations_manager:1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_operations_manager:2.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_operations_manager:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_operations_manager:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_operations_manager:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_operations_manager:2.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_operations_manager:2.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_operations_manager:2.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_operations_manager:8.0:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00297
Низкий
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
github
больше 3 лет назад
Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716.
EPSS
Процентиль: 53%
0.00297
Низкий
7.5 High
CVSS2
Дефекты
CWE-89