PT-2010-1954 · Cisco · Cisco Unified Meetingplace

Publicado

2010-01-28

Atualizado

2011-01-07

CVE-2010-0139

CVSS v2.0

9.0

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:C

Name of the Vulnerable Software and Affected Versions Cisco Unified MeetingPlace versions prior to 7.0(2.3) hotfix 5F Cisco Unified MeetingPlace version 6 prior to 6.0.639.2

Description The issue is related to improper validation of SQL commands, allowing remote attackers to create, modify, or delete data in a database.

Recommendations For Cisco Unified MeetingPlace version 7, update to 7.0(2.3) hotfix 5F or later. For Cisco Unified MeetingPlace version 6, update to 6.0.639.2 or later. As a temporary workaround, consider restricting access to the database to minimize the risk of exploitation.

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2010-0139

Produtos afetados

Cisco Unified Meetingplace

PT-2010-1954 · Cisco · Cisco Unified Meetingplace

CVE-2010-0139

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3