Cisco Unified Communications Manager 'key' Parameter SQL Injection Vulnerability

Bugtraq ID: 27775
Class: Input Validation Error
CVE: CVE-2008-0026
Remote: Yes
Local: No
Published: Feb 13 2008 12:00AM
Updated: Feb 21 2008 09:53PM
Credit: Nico Leidecker and Tracey Parry at Portcullis Computer Security Limited are credited with discovering this vulnerability.
Vulnerable: Cisco Unified Communications Manager 6.1
Cisco Unified Communications Manager 6.0(1)
Cisco Unified Communications Manager 6.0 (1a)
Cisco Unified Communications Manager 6.0
Cisco Unified Communications Manager 5.1(2b)
Cisco Unified Communications Manager 5.1(2a)
Cisco Unified Communications Manager 5.1(2)
Cisco Unified Communications Manager 5.1(1)
Cisco Unified CallManager 6.0
Cisco Unified CallManager 5.1
Cisco Unified CallManager 5.0(4a)SU1
Cisco Unified CallManager 5.0(4)
Cisco Unified CallManager 5.0(3a)
Cisco Unified CallManager 5.0(3)
Cisco Unified CallManager 5.0(2)
Cisco Unified CallManager 5.0(1)
Cisco Unified CallManager 5.0
Not Vulnerable: Cisco Unified Communications Manager 6.1(1a)
Cisco Unified Communications Manager 5.1(3a)


 

Privacy Statement
Copyright 2010, SecurityFocus