Cisco CallManager/Communications Manager SQL Injection and Cross-Site Scripting Vulnerabilities

Bugtraq ID: 25480
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Aug 29 2007 12:00AM
Updated: Sep 04 2007 10:51PM
Credit: The vendor disclosed these issues.
Vulnerable: Cisco Unified Communications Manager 4.2(3)sr2
Cisco Unified Communications Manager 4.2 (3)SR2b
Cisco Unified CallManager 4.2(3)SR1
Cisco Unified CallManager 4.2
Cisco Unified CallManager 4.1(3)sr5
Cisco Unified CallManager 4.1(3)SR4
Cisco Unified CallManager 4.1 (3)SR5b
Cisco Unified CallManager 4.1
Cisco Unified CallManager 4.0
Cisco Unified CallManager 3.3(5)sr3
Cisco Unified CallManager 3.3(5)sr3
Cisco Unified CallManager 3.3(5)SR2a
Cisco Unified CallManager 3.3(5)SR2a
Cisco Unified CallManager 3.3
Not Vulnerable: Cisco Unified Communications Manager 4.3(1)sr.1
Cisco Unified CallManager 4.2(3)sr2
Cisco Unified CallManager 4.1(3)sr5
Cisco Unified CallManager 3.3(5)sr2b


 

Privacy Statement
Copyright 2010, SecurityFocus