Vulnerability-Lookup - Search a vulnerability

cve-2011-0962

Vulnerability from cvelistv5

Published

2011-05-20 22:00

Modified

2024-08-06 22:14

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712.

References

▼	URL	Tags
	http://tools.cisco.com/security/center/viewAlert.x?alertId=23087	x_refsource_CONFIRM
	http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf	x_refsource_MISC
	http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html	mailing-list, x_refsource_FULLDISC
	http://www.exploit-db.com/exploits/17304	exploit, x_refsource_EXPLOIT-DB
	https://exchange.xforce.ibmcloud.com/vulnerabilities/67524	vdb-entry, x_refsource_XF

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:14:26.588Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23087"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
          },
          {
            "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
          },
          {
            "name": "17304",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/17304"
          },
          {
            "name": "cisco-uom-common-services-xss(67524)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67524"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23087"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
        },
        {
          "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
        },
        {
          "name": "17304",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/17304"
        },
        {
          "name": "cisco-uom-common-services-xss(67524)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67524"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2011-0962",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23087",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23087"
            },
            {
              "name": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf",
              "refsource": "MISC",
              "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
            },
            {
              "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
            },
            {
              "name": "17304",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/17304"
            },
            {
              "name": "cisco-uom-common-services-xss(67524)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67524"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2011-0962",
    "datePublished": "2011-05-20T22:00:00",
    "dateReserved": "2011-02-10T00:00:00",
    "dateUpdated": "2024-08-06T22:14:26.588Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-3416

Vulnerability from cvelistv5

Published

2013-07-10 21:00

Modified

2024-08-06 16:07

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuh47574 and CSCuh95997.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1028765	vdb-entry, x_refsource_SECTRACK
	http://www.securitytracker.com/id/1028766	vdb-entry, x_refsource_SECTRACK
	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3416	vendor-advisory, x_refsource_CISCO

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:37.929Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1028765",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1028765"
          },
          {
            "name": "1028766",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1028766"
          },
          {
            "name": "20130709 Cisco Unified Communications Management Products Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3416"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-07-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuh47574 and CSCuh95997."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-08-20T09:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1028765",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1028765"
        },
        {
          "name": "1028766",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1028766"
        },
        {
          "name": "20130709 Cisco Unified Communications Management Products Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3416"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-3416",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuh47574 and CSCuh95997."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1028765",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1028765"
            },
            {
              "name": "1028766",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1028766"
            },
            {
              "name": "20130709 Cisco Unified Communications Management Products Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3416"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-3416",
    "datePublished": "2013-07-10T21:00:00",
    "dateReserved": "2013-05-06T00:00:00",
    "dateUpdated": "2024-08-06T16:07:37.929Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-3437

Vulnerability from cvelistv5

Published

2013-07-22 14:00

Modified

2024-08-06 16:07

Severity ?

Summary

SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179.

References

▼	URL	Tags
	http://osvdb.org/95472	vdb-entry, x_refsource_OSVDB
	http://tools.cisco.com/security/center/viewAlert.x?alertId=30153	x_refsource_CONFIRM
	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3437	vendor-advisory, x_refsource_CISCO

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:37.908Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "95472",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/95472"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30153"
          },
          {
            "name": "20130719 Cisco Unified Operations Manager SQL Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3437"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-07-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-01-22T14:57:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "95472",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/95472"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30153"
        },
        {
          "name": "20130719 Cisco Unified Operations Manager SQL Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3437"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-3437",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "95472",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/95472"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30153",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30153"
            },
            {
              "name": "20130719 Cisco Unified Operations Manager SQL Injection Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3437"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-3437",
    "datePublished": "2013-07-22T14:00:00",
    "dateReserved": "2013-05-06T00:00:00",
    "dateUpdated": "2024-08-06T16:07:37.908Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-2738

Vulnerability from cvelistv5

Published

2011-09-17 10:00

Modified

2024-08-06 23:08

Severity ?

Summary

Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow.

References

▼	URL	Tags
	http://secunia.com/advisories/46052	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id?1026048	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/46053	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/45979	third-party-advisory, x_refsource_SECUNIA
	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml	vendor-advisory, x_refsource_CISCO
	http://www.osvdb.org/75442	vdb-entry, x_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilities/69828	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/46016	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/49627	vdb-entry, x_refsource_BID
	http://www.securityfocus.com/bid/49644	vdb-entry, x_refsource_BID
	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml	vendor-advisory, x_refsource_CISCO
	http://www.securitytracker.com/id?1026059	vdb-entry, x_refsource_SECTRACK
	http://www.securitytracker.com/id?1026047	vdb-entry, x_refsource_SECTRACK
	http://www.securitytracker.com/id?1026046	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/archive/1/519646/100/0/threaded	mailing-list, x_refsource_BUGTRAQ

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:08:23.911Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "46052",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46052"
          },
          {
            "name": "1026048",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026048"
          },
          {
            "name": "46053",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46053"
          },
          {
            "name": "45979",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45979"
          },
          {
            "name": "20110914 CiscoWorks LAN Management Solution Remote Code Execution Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml"
          },
          {
            "name": "75442",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/75442"
          },
          {
            "name": "cisco-unspecified-code-execution(69828)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69828"
          },
          {
            "name": "46016",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46016"
          },
          {
            "name": "49627",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/49627"
          },
          {
            "name": "49644",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/49644"
          },
          {
            "name": "20110914 Cisco Unified Service Monitor and Cisco Unified Operations Manager Remote Code Execution Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml"
          },
          {
            "name": "1026059",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026059"
          },
          {
            "name": "1026047",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026047"
          },
          {
            "name": "1026046",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026046"
          },
          {
            "name": "20110914 ESA-2011-029: Buffer overflow vulnerability in multiple EMC Ionix products",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/519646/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-09-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "46052",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46052"
        },
        {
          "name": "1026048",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026048"
        },
        {
          "name": "46053",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46053"
        },
        {
          "name": "45979",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45979"
        },
        {
          "name": "20110914 CiscoWorks LAN Management Solution Remote Code Execution Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml"
        },
        {
          "name": "75442",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/75442"
        },
        {
          "name": "cisco-unspecified-code-execution(69828)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69828"
        },
        {
          "name": "46016",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46016"
        },
        {
          "name": "49627",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/49627"
        },
        {
          "name": "49644",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/49644"
        },
        {
          "name": "20110914 Cisco Unified Service Monitor and Cisco Unified Operations Manager Remote Code Execution Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml"
        },
        {
          "name": "1026059",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026059"
        },
        {
          "name": "1026047",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026047"
        },
        {
          "name": "1026046",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026046"
        },
        {
          "name": "20110914 ESA-2011-029: Buffer overflow vulnerability in multiple EMC Ionix products",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/519646/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2011-2738",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "46052",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46052"
            },
            {
              "name": "1026048",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026048"
            },
            {
              "name": "46053",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46053"
            },
            {
              "name": "45979",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45979"
            },
            {
              "name": "20110914 CiscoWorks LAN Management Solution Remote Code Execution Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml"
            },
            {
              "name": "75442",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/75442"
            },
            {
              "name": "cisco-unspecified-code-execution(69828)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69828"
            },
            {
              "name": "46016",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46016"
            },
            {
              "name": "49627",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/49627"
            },
            {
              "name": "49644",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/49644"
            },
            {
              "name": "20110914 Cisco Unified Service Monitor and Cisco Unified Operations Manager Remote Code Execution Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml"
            },
            {
              "name": "1026059",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026059"
            },
            {
              "name": "1026047",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026047"
            },
            {
              "name": "1026046",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026046"
            },
            {
              "name": "20110914 ESA-2011-029: Buffer overflow vulnerability in multiple EMC Ionix products",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/519646/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2011-2738",
    "datePublished": "2011-09-17T10:00:00",
    "dateReserved": "2011-07-13T00:00:00",
    "dateUpdated": "2024-08-06T23:08:23.911Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-1161

Vulnerability from cvelistv5

Published

2009-05-21 14:00

Modified

2024-08-07 05:04

Severity ?

Summary

Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.

References

▼	URL	Tags
	http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html	third-party-advisory, x_refsource_JVNDB
	http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml	vendor-advisory, x_refsource_CISCO
	http://www.securityfocus.com/bid/35040	vdb-entry, x_refsource_BID
	http://jvn.jp/en/jp/JVN62527913/index.html	third-party-advisory, x_refsource_JVN
	http://osvdb.org/54616	vdb-entry, x_refsource_OSVDB
	http://securitytracker.com/id?1022263	vdb-entry, x_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2009/1390	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/35179	third-party-advisory, x_refsource_SECUNIA

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:04:48.874Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVNDB-2009-000032",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html"
          },
          {
            "name": "20090520 CiscoWorks TFTP Directory Traversal Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml"
          },
          {
            "name": "35040",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35040"
          },
          {
            "name": "JVN#62527913",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN62527913/index.html"
          },
          {
            "name": "54616",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/54616"
          },
          {
            "name": "1022263",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1022263"
          },
          {
            "name": "ADV-2009-1390",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1390"
          },
          {
            "name": "35179",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35179"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-05-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-06-04T09:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "JVNDB-2009-000032",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html"
        },
        {
          "name": "20090520 CiscoWorks TFTP Directory Traversal Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml"
        },
        {
          "name": "35040",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35040"
        },
        {
          "name": "JVN#62527913",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN62527913/index.html"
        },
        {
          "name": "54616",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/54616"
        },
        {
          "name": "1022263",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1022263"
        },
        {
          "name": "ADV-2009-1390",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1390"
        },
        {
          "name": "35179",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35179"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2009-1161",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVNDB-2009-000032",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html"
            },
            {
              "name": "20090520 CiscoWorks TFTP Directory Traversal Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml"
            },
            {
              "name": "35040",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35040"
            },
            {
              "name": "JVN#62527913",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN62527913/index.html"
            },
            {
              "name": "54616",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/54616"
            },
            {
              "name": "1022263",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1022263"
            },
            {
              "name": "ADV-2009-1390",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1390"
            },
            {
              "name": "35179",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35179"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2009-1161",
    "datePublished": "2009-05-21T14:00:00",
    "dateReserved": "2009-03-26T00:00:00",
    "dateUpdated": "2024-08-07T05:04:48.874Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-0960

Vulnerability from cvelistv5

Published

2011-05-20 22:00

Modified

2024-08-06 22:14

Severity ?

Summary

Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/47898	vdb-entry, x_refsource_BID
	http://tools.cisco.com/security/center/viewAlert.x?alertId=23086	x_refsource_CONFIRM
	http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf	x_refsource_MISC
	http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html	mailing-list, x_refsource_FULLDISC
	http://www.exploit-db.com/exploits/17304	exploit, x_refsource_EXPLOIT-DB
	https://exchange.xforce.ibmcloud.com/vulnerabilities/67522	vdb-entry, x_refsource_XF

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:14:26.483Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "47898",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47898"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23086"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
          },
          {
            "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
          },
          {
            "name": "17304",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/17304"
          },
          {
            "name": "cuom-prtestcreation-sql-injection(67522)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67522"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "47898",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47898"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23086"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
        },
        {
          "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
        },
        {
          "name": "17304",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/17304"
        },
        {
          "name": "cuom-prtestcreation-sql-injection(67522)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67522"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2011-0960",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "47898",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47898"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23086",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23086"
            },
            {
              "name": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf",
              "refsource": "MISC",
              "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
            },
            {
              "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
            },
            {
              "name": "17304",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/17304"
            },
            {
              "name": "cuom-prtestcreation-sql-injection(67522)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67522"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2011-0960",
    "datePublished": "2011-05-20T22:00:00",
    "dateReserved": "2011-02-10T00:00:00",
    "dateUpdated": "2024-08-06T22:14:26.483Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-3440

Vulnerability from cvelistv5

Published

2013-07-23 17:00

Modified

2024-08-06 16:07

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186.

References

▼	URL	Tags
	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3440	vendor-advisory, x_refsource_CISCO
	http://tools.cisco.com/security/center/viewAlert.x?alertId=30175	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/61414	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1028819	vdb-entry, x_refsource_SECTRACK
	http://osvdb.org/95584	vdb-entry, x_refsource_OSVDB

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:37.923Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130722 Cisco Unified Operations Manager Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3440"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30175"
          },
          {
            "name": "61414",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/61414"
          },
          {
            "name": "1028819",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1028819"
          },
          {
            "name": "95584",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/95584"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-07-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-17T21:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130722 Cisco Unified Operations Manager Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3440"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30175"
        },
        {
          "name": "61414",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/61414"
        },
        {
          "name": "1028819",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1028819"
        },
        {
          "name": "95584",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/95584"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-3440",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130722 Cisco Unified Operations Manager Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3440"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30175",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30175"
            },
            {
              "name": "61414",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/61414"
            },
            {
              "name": "1028819",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1028819"
            },
            {
              "name": "95584",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/95584"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-3440",
    "datePublished": "2013-07-23T17:00:00",
    "dateReserved": "2013-05-06T00:00:00",
    "dateUpdated": "2024-08-06T16:07:37.923Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-3439

Vulnerability from cvelistv5

Published

2013-07-23 17:00

Modified

2024-08-06 16:07

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182.

References

▼	URL	Tags
	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3439	vendor-advisory, x_refsource_CISCO
	http://www.securityfocus.com/bid/61416	vdb-entry, x_refsource_BID
	http://osvdb.org/95585	vdb-entry, x_refsource_OSVDB
	http://tools.cisco.com/security/center/viewAlert.x?alertId=30174	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1028825	vdb-entry, x_refsource_SECTRACK

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:37.952Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130722 Cisco Unified Operations Manager HTTP Header Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3439"
          },
          {
            "name": "61416",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/61416"
          },
          {
            "name": "95585",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/95585"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30174"
          },
          {
            "name": "1028825",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1028825"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-07-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-17T21:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130722 Cisco Unified Operations Manager HTTP Header Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3439"
        },
        {
          "name": "61416",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/61416"
        },
        {
          "name": "95585",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/95585"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30174"
        },
        {
          "name": "1028825",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1028825"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-3439",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130722 Cisco Unified Operations Manager HTTP Header Injection Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3439"
            },
            {
              "name": "61416",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/61416"
            },
            {
              "name": "95585",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/95585"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30174",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30174"
            },
            {
              "name": "1028825",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1028825"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-3439",
    "datePublished": "2013-07-23T17:00:00",
    "dateReserved": "2013-05-06T00:00:00",
    "dateUpdated": "2024-08-06T16:07:37.952Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-3036

Vulnerability from cvelistv5

Published

2010-10-29 18:00

Modified

2024-08-07 02:55

Severity ?

Summary

Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352.

References

▼	URL	Tags
	http://osvdb.org/68927	vdb-entry, x_refsource_OSVDB
	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml	vendor-advisory, x_refsource_CISCO
	http://securitytracker.com/id?1024646	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/44468	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/42011	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/2793	vdb-entry, x_refsource_VUPEN

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:55:46.619Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "68927",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/68927"
          },
          {
            "name": "20101027 CiscoWorks Common Services Arbitrary Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml"
          },
          {
            "name": "1024646",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1024646"
          },
          {
            "name": "44468",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/44468"
          },
          {
            "name": "42011",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42011"
          },
          {
            "name": "ADV-2010-2793",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2793"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-11-06T09:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "68927",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/68927"
        },
        {
          "name": "20101027 CiscoWorks Common Services Arbitrary Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml"
        },
        {
          "name": "1024646",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1024646"
        },
        {
          "name": "44468",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/44468"
        },
        {
          "name": "42011",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42011"
        },
        {
          "name": "ADV-2010-2793",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2793"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2010-3036",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "68927",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/68927"
            },
            {
              "name": "20101027 CiscoWorks Common Services Arbitrary Code Execution Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml"
            },
            {
              "name": "1024646",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1024646"
            },
            {
              "name": "44468",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/44468"
            },
            {
              "name": "42011",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42011"
            },
            {
              "name": "ADV-2010-2793",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2793"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2010-3036",
    "datePublished": "2010-10-29T18:00:00",
    "dateReserved": "2010-08-17T00:00:00",
    "dateUpdated": "2024-08-07T02:55:46.619Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-5488

Vulnerability from cvelistv5

Published

2013-09-12 01:00

Modified

2024-08-06 17:15

Severity ?

Summary

Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969.

References

▼	URL	Tags
	http://tools.cisco.com/security/center/viewAlert.x?alertId=30749	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/87026	vdb-entry, x_refsource_XF
	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488	vendor-advisory, x_refsource_CISCO
	http://www.securityfocus.com/bid/62333	vdb-entry, x_refsource_BID

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:20.253Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30749"
          },
          {
            "name": "cisco-cve20135488-dos(87026)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87026"
          },
          {
            "name": "20130911 Common Services ActiveMQ Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488"
          },
          {
            "name": "62333",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62333"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30749"
        },
        {
          "name": "cisco-cve20135488-dos(87026)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87026"
        },
        {
          "name": "20130911 Common Services ActiveMQ Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488"
        },
        {
          "name": "62333",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/62333"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5488",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30749",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30749"
            },
            {
              "name": "cisco-cve20135488-dos(87026)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87026"
            },
            {
              "name": "20130911 Common Services ActiveMQ Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488"
            },
            {
              "name": "62333",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/62333"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-5488",
    "datePublished": "2013-09-12T01:00:00",
    "dateReserved": "2013-08-22T00:00:00",
    "dateUpdated": "2024-08-06T17:15:20.253Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-0959

Vulnerability from cvelistv5

Published

2011-05-20 22:00

Modified

2024-08-06 22:14

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.

References

▼	URL	Tags
	http://tools.cisco.com/security/center/viewAlert.x?alertId=23085	x_refsource_CONFIRM
	http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf	x_refsource_MISC
	http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html	mailing-list, x_refsource_FULLDISC
	http://www.exploit-db.com/exploits/17304	exploit, x_refsource_EXPLOIT-DB
	https://exchange.xforce.ibmcloud.com/vulnerabilities/67521	vdb-entry, x_refsource_XF

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:14:26.542Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
          },
          {
            "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
          },
          {
            "name": "17304",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/17304"
          },
          {
            "name": "cisco-uom-multiple-xss(67521)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67521"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
        },
        {
          "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
        },
        {
          "name": "17304",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/17304"
        },
        {
          "name": "cisco-uom-multiple-xss(67521)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67521"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2011-0959",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085"
            },
            {
              "name": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf",
              "refsource": "MISC",
              "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
            },
            {
              "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
            },
            {
              "name": "17304",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/17304"
            },
            {
              "name": "cisco-uom-multiple-xss(67521)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67521"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2011-0959",
    "datePublished": "2011-05-20T22:00:00",
    "dateReserved": "2011-02-10T00:00:00",
    "dateUpdated": "2024-08-06T22:14:26.542Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd

Published

2013-07-10 21:55

Modified

2024-11-21 01:53

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuh47574 and CSCuh95997.

References

▼	URL	Tags
	ykramarz@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3416
	ykramarz@cisco.com	http://www.securitytracker.com/id/1028765
	ykramarz@cisco.com	http://www.securitytracker.com/id/1028766
	af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3416
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1028765
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1028766

Impacted products

	Vendor	Product	Version
	cisco	unified_operations_manager	-
	cisco	unified_service_monitor	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3F10FFA-58FA-45BC-BD2A-7C01D8D02315",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB2F9E15-8B14-4CBB-B997-0DB94E9A5624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuh47574 and CSCuh95997."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el framework web en la implementaci\u00f3n del gestor de comunicaciones en Cisco Unified Operations Manager y Unified Service Monitor, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un par\u00e1metro no especificado, tambi\u00e9n conocido como Bug IDs CSCuh47574 y CSCuh95997."
    }
  ],
  "id": "CVE-2013-3416",
  "lastModified": "2024-11-21T01:53:35.650",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-07-10T21:55:00.947",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3416"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1028765"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1028766"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3416"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1028765"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1028766"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-07-23 11:03

Modified

2024-11-21 01:53

Severity ?

Summary

SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179.

References

URL	Tags
ykramarz@cisco.com	http://osvdb.org/95472
ykramarz@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3437	Vendor Advisory
ykramarz@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=30153	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/95472
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3437	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=30153	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	unified_operations_manager	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3F10FFA-58FA-45BC-BD2A-7C01D8D02315",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en Cisco Unified Operations Manager, permite a usuarios autenticados la ejecuci\u00f3n arbitraria de comandos SQL a trav\u00e9s de un campo de entrada. Aka Bug ID CSCud80179."
    }
  ],
  "id": "CVE-2013-3437",
  "lastModified": "2024-11-21T01:53:37.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-07-23T11:03:02.037",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://osvdb.org/95472"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3437"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/95472"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3437"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30153"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-05-20 22:55

Modified

2024-11-21 01:25

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712.

References

URL	Tags
ykramarz@cisco.com	http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html	Exploit
ykramarz@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=23087
ykramarz@cisco.com	http://www.exploit-db.com/exploits/17304	Exploit
ykramarz@cisco.com	http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf	Exploit, URL Repurposed
ykramarz@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/67524
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=23087
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/17304	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf	Exploit, URL Repurposed
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/67524

Impacted products

Vendor	Product	Version
cisco	unified_operations_manager	*
cisco	unified_operations_manager	1.1
cisco	unified_operations_manager	2.0
cisco	unified_operations_manager	2.0.1
cisco	unified_operations_manager	2.0.2
cisco	unified_operations_manager	2.0.3
cisco	unified_operations_manager	2.1
cisco	unified_operations_manager	2.2
cisco	unified_operations_manager	2.3
cisco	unified_operations_manager	8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "690FA80D-A157-4D4E-980D-C9AA0009D853",
              "versionEndIncluding": "8.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5510F4F-93C9-4722-97F5-37A05B48C23D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C73FD728-7A22-4248-B4DA-62AB2704A411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD2DF29A-4E30-442C-BB14-F22D955B112A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CA03A21-13EF-476E-892B-D0A494779594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "107A78CC-8943-4D33-BE60-CBFC72FE405D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "930EA844-7016-4EC3-833D-70D1B1DE6DA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CA3DB6A-A1D4-4CB4-A62D-3269E27094D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D63D2042-C271-4671-9858-2DE4709BAD19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BF00348-D8E9-4FC0-A6EA-7B16707441A3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine en el Common Services Device Center en Cisco Unified Operations Manager (CUOM) anterior a v8.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"tag\", tambi\u00e9n conocido como Bug ID CSCto12712."
    }
  ],
  "id": "CVE-2011-0962",
  "lastModified": "2024-11-21T01:25:12.723",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-05-20T22:55:03.033",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23087"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/17304"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Exploit",
        "URL Repurposed"
      ],
      "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67524"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23087"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/17304"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "URL Repurposed"
      ],
      "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67524"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-07-23 17:20

Modified

2024-11-21 01:53

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186.

References

URL	Tags
ykramarz@cisco.com	http://osvdb.org/95584
ykramarz@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3440	Vendor Advisory
ykramarz@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=30175	Vendor Advisory
ykramarz@cisco.com	http://www.securityfocus.com/bid/61414
ykramarz@cisco.com	http://www.securitytracker.com/id/1028819
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/95584
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3440	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=30175	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/61414
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1028819

Impacted products

	Vendor	Product	Version
	cisco	unified_operations_manager	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3F10FFA-58FA-45BC-BD2A-7C01D8D02315",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades XSS en el interfaz web de administraci\u00f3n de Cisco Unified Operations Manager, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias y obtener cookies seguras a trav\u00e9s de vectores no especificados. Aka Bug ID CSCud80186."
    }
  ],
  "id": "CVE-2013-3440",
  "lastModified": "2024-11-21T01:53:38.320",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-07-23T17:20:53.237",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://osvdb.org/95584"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3440"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30175"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securityfocus.com/bid/61414"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1028819"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/95584"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3440"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30175"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/61414"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1028819"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-05-20 22:55

Modified

2024-11-21 01:25

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.

References

URL	Tags
ykramarz@cisco.com	http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html	Exploit
ykramarz@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=23085	Vendor Advisory
ykramarz@cisco.com	http://www.exploit-db.com/exploits/17304	Exploit
ykramarz@cisco.com	http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf	Exploit, URL Repurposed
ykramarz@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/67521
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=23085	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/17304	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf	Exploit, URL Repurposed
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/67521

Impacted products

Vendor	Product	Version
cisco	unified_operations_manager	*
cisco	unified_operations_manager	1.1
cisco	unified_operations_manager	2.0
cisco	unified_operations_manager	2.0.1
cisco	unified_operations_manager	2.0.2
cisco	unified_operations_manager	2.0.3
cisco	unified_operations_manager	2.1
cisco	unified_operations_manager	2.2
cisco	unified_operations_manager	2.3
cisco	unified_operations_manager	8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "690FA80D-A157-4D4E-980D-C9AA0009D853",
              "versionEndIncluding": "8.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5510F4F-93C9-4722-97F5-37A05B48C23D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C73FD728-7A22-4248-B4DA-62AB2704A411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD2DF29A-4E30-442C-BB14-F22D955B112A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CA03A21-13EF-476E-892B-D0A494779594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "107A78CC-8943-4D33-BE60-CBFC72FE405D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "930EA844-7016-4EC3-833D-70D1B1DE6DA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CA3DB6A-A1D4-4CB4-A62D-3269E27094D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D63D2042-C271-4671-9858-2DE4709BAD19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BF00348-D8E9-4FC0-A6EA-7B16707441A3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Cisco Unified Operations Manager (CUOM) antes de v8.6, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) el par\u00e1metro extn de iptm/advancedfind.do, (2) el par\u00e1metro deviceInstanceName de iptm/ddv.do, el (3) cmd o (4) el par\u00e1metro group de iptm/eventmon, el par\u00e1metro (5) clusterName o (6) deviceName de iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, o el par\u00e1metro (7) ccmName o (8) clusterName de iptm/logicalTopo.do, tambi\u00e9n conocido como Bug ID CSCtn61716."
    }
  ],
  "id": "CVE-2011-0959",
  "lastModified": "2024-11-21T01:25:12.347",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-05-20T22:55:02.907",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/17304"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Exploit",
        "URL Repurposed"
      ],
      "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/17304"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "URL Repurposed"
      ],
      "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67521"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-07-23 17:20

Modified

2024-11-21 01:53

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182.

References

URL	Tags
ykramarz@cisco.com	http://osvdb.org/95585
ykramarz@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3439	Vendor Advisory
ykramarz@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=30174	Vendor Advisory
ykramarz@cisco.com	http://www.securityfocus.com/bid/61416
ykramarz@cisco.com	http://www.securitytracker.com/id/1028825
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/95585
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3439	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=30174	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/61416
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1028825

Impacted products

	Vendor	Product	Version
	cisco	unified_operations_manager	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3F10FFA-58FA-45BC-BD2A-7C01D8D02315",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades XSS en Cisco Unified Operations Manager, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s de una URL manipulada en un campo en la cabecera de un HTML. Aka Bug ID CSCud80182."
    }
  ],
  "id": "CVE-2013-3439",
  "lastModified": "2024-11-21T01:53:38.197",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-07-23T17:20:53.230",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://osvdb.org/95585"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3439"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30174"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securityfocus.com/bid/61416"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1028825"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/95585"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30174"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/61416"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1028825"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2010-10-29 19:00

Modified

2024-11-21 01:17

Severity ?

Summary

Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352.

References

URL	Tags
ykramarz@cisco.com	http://osvdb.org/68927
ykramarz@cisco.com	http://secunia.com/advisories/42011	Vendor Advisory
ykramarz@cisco.com	http://securitytracker.com/id?1024646
ykramarz@cisco.com	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml	Patch, Vendor Advisory
ykramarz@cisco.com	http://www.securityfocus.com/bid/44468	Patch
ykramarz@cisco.com	http://www.vupen.com/english/advisories/2010/2793	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/68927
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42011	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1024646
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/44468	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/2793	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	ciscoworks_common_services	3.0.5
cisco	ciscoworks_common_services	3.0.6
cisco	ciscoworks_common_services	3.1
cisco	ciscoworks_common_services	3.1.1
cisco	ciscoworks_common_services	3.2
cisco	ciscoworks_common_services	3.3
cisco	ciscoworks_lan_management_solution	2.6
cisco	ciscoworks_lan_management_solution	3.0
cisco	ciscoworks_lan_management_solution	3.0
cisco	ciscoworks_lan_management_solution	3.1
cisco	ciscoworks_lan_management_solution	3.2
cisco	qos_policy_manager	4.0
cisco	qos_policy_manager	4.0.1
cisco	qos_policy_manager	4.0.2
cisco	security_manager	3.0.2
cisco	security_manager	3.2
cisco	telepresence_readiness_assessment_manager	1.0
cisco	unified_operations_manager	2.0.1
cisco	unified_operations_manager	2.0.2
cisco	unified_operations_manager	2.0.3
cisco	unified_service_monitor	2.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88AD3EC2-36B1-4E34-BD7F-B1D02B32178A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CC9C408-0BE2-45A6-ACB3-B9EBB22BC773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "499CD64C-8692-4BE7-8F5E-5964ACDA1972",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2152A29-7074-4659-AA8A-BB3E793ED4A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "518309CD-F453-4B0B-8C1D-E534CE0E336B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "22DE1462-59AC-40BE-89DF-AB43CA3EC7BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:2.6:update:*:*:*:*:*:*",
              "matchCriteriaId": "3D8B4ED2-15B4-4FE1-A159-D6435B5DCA5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6CF9518-2D68-4E95-862B-54B622622B9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.0:december_2007:*:*:*:*:*:*",
              "matchCriteriaId": "D81D6312-9A3E-483D-BBFC-C7688B3872A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C446E75-5404-4875-AD94-DF953A7874FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD8493C0-A3FF-473A-BFD5-DB6051AE8DCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:qos_policy_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BEE8595-B861-4DAB-9708-B2DA30C36C77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:qos_policy_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "96C5C060-E09E-4F28-9B87-0417DBFB9368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:qos_policy_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83FCE4EC-B432-4768-BF3A-F1A29BD6B4B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:security_manager:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F831EEB-A499-4C76-A085-52F3D750E0FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:security_manager:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4686AD6B-CAB3-4CE5-9B13-D30613C614CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_readiness_assessment_manager:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "668AEB8D-4923-4EAE-A67A-979D7B816108",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD2DF29A-4E30-442C-BB14-F22D955B112A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CA03A21-13EF-476E-892B-D0A494779594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "107A78CC-8943-4D33-BE60-CBFC72FE405D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA713155-3826-401C-88E6-5D556513877A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352."
    },
    {
      "lang": "es",
      "value": "Multiples desbordamientos de b\u00fafer en la funci\u00f3n de autenticaci\u00f3n en el m\u00f3dulo web-server de Cisco CiscoWorks Common Services anterior a v4.0 permite a los atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n a trav\u00e9s de sesiones TCP en el puerto (1) 443 o (2) 1741, tambi\u00e9n conocido como \"Bug ID CSCti41352\"."
    }
  ],
  "id": "CVE-2010-3036",
  "lastModified": "2024-11-21T01:17:55.163",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-10-29T19:00:02.013",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://osvdb.org/68927"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42011"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://securitytracker.com/id?1024646"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/44468"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2793"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/68927"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1024646"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/44468"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2793"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-09-19 12:02

Modified

2024-11-21 01:28

Severity ?

Summary

Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow.

References

URL	Tags
security_alert@emc.com	http://secunia.com/advisories/45979	Vendor Advisory
security_alert@emc.com	http://secunia.com/advisories/46016	Vendor Advisory
security_alert@emc.com	http://secunia.com/advisories/46052	Vendor Advisory
security_alert@emc.com	http://secunia.com/advisories/46053	Vendor Advisory
security_alert@emc.com	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml	Vendor Advisory
security_alert@emc.com	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml	Vendor Advisory
security_alert@emc.com	http://www.osvdb.org/75442
security_alert@emc.com	http://www.securityfocus.com/archive/1/519646/100/0/threaded
security_alert@emc.com	http://www.securityfocus.com/bid/49627
security_alert@emc.com	http://www.securityfocus.com/bid/49644
security_alert@emc.com	http://www.securitytracker.com/id?1026046
security_alert@emc.com	http://www.securitytracker.com/id?1026047
security_alert@emc.com	http://www.securitytracker.com/id?1026048
security_alert@emc.com	http://www.securitytracker.com/id?1026059
security_alert@emc.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/69828
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/45979	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/46016	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/46052	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/46053	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/75442
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/519646/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/49627
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/49644
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1026046
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1026047
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1026048
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1026059
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/69828

Impacted products

Vendor	Product	Version
cisco	unified_service_monitor	*
cisco	unified_service_monitor	1.1
cisco	unified_service_monitor	2.0
cisco	unified_service_monitor	2.0.1
cisco	unified_service_monitor	2.1
cisco	unified_service_monitor	2.2
cisco	unified_service_monitor	2.3
cisco	unified_service_monitor	8.0
cisco	ciscoworks_lan_management_solution	3.0
cisco	ciscoworks_lan_management_solution	3.0
cisco	ciscoworks_lan_management_solution	3.1
cisco	ciscoworks_lan_management_solution	3.2
cisco	ciscoworks_lan_management_solution	4.0
cisco	ciscoworks_lan_management_solution	4.0.1
cisco	unified_operations_manager	*
cisco	unified_operations_manager	1.0
cisco	unified_operations_manager	1.1
cisco	unified_operations_manager	2.0
cisco	unified_operations_manager	2.0.1
cisco	unified_operations_manager	2.0.2
cisco	unified_operations_manager	2.0.3
cisco	unified_operations_manager	2.1
cisco	unified_operations_manager	2.2
cisco	unified_operations_manager	2.3
cisco	unified_operations_manager	8.0
emc	ionix_acm	*
emc	ionix_asam	*
emc	ionix_ip	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F9DA2FE-4D4A-4050-AA4E-E600B85B6CD1",
              "versionEndIncluding": "8.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B2F5BDC-A768-4A07-92A2-1C9DF484C3A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6041F558-D641-4067-BBC8-EC23D0A1ED18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA713155-3826-401C-88E6-5D556513877A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "56101F5A-4099-4027-859D-07CFE598F1B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "457D7ED3-5F22-47E0-9849-39229F893774",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C7A0546-10A3-4E3F-83B8-A8C12CCCC745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "814A0932-E5B5-4B2C-8216-433E0D6C4238",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6CF9518-2D68-4E95-862B-54B622622B9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.0:december_2007:*:*:*:*:*:*",
              "matchCriteriaId": "D81D6312-9A3E-483D-BBFC-C7688B3872A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C446E75-5404-4875-AD94-DF953A7874FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD8493C0-A3FF-473A-BFD5-DB6051AE8DCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30403ADA-2382-402D-AAD3-6E86F8E23616",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0810DAF4-2D1B-4B48-9DD1-BC417B3C7E04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "690FA80D-A157-4D4E-980D-C9AA0009D853",
              "versionEndIncluding": "8.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC421340-135D-45AD-8E59-F1B62805ABEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5510F4F-93C9-4722-97F5-37A05B48C23D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C73FD728-7A22-4248-B4DA-62AB2704A411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD2DF29A-4E30-442C-BB14-F22D955B112A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CA03A21-13EF-476E-892B-D0A494779594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "107A78CC-8943-4D33-BE60-CBFC72FE405D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "930EA844-7016-4EC3-833D-70D1B1DE6DA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CA3DB6A-A1D4-4CB4-A62D-3269E27094D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D63D2042-C271-4671-9858-2DE4709BAD19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BF00348-D8E9-4FC0-A6EA-7B16707441A3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:ionix_acm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "78FD3AEC-D4FF-49BB-86F1-8E90133E2418",
              "versionEndIncluding": "2.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:ionix_asam:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD264FD3-A076-4414-B159-D9A81B15A026",
              "versionEndIncluding": "3.2.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:ionix_ip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A30BC92-680F-455D-A3A9-6690F78F485D",
              "versionEndIncluding": "8.1.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades no especificadas en Unified Service Monitor de Cisco anterior a versi\u00f3n 8.6, tal y como es usado en Unified Operations Manager anterior a versi\u00f3n 8.6 y CiscoWorks LAN Management Solution versiones 3.x y 4.x anteriores a 4.1; y m\u00faltiples productos de Ionix de EMC, incluido Application Connectivity Monitor (Ionix ACM) versi\u00f3n 2.3 y versiones anteriores, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) versi\u00f3n 3.2.0.2 y anteriores, IP Management Suite (Ionix IP) versi\u00f3n 8.1.1.1 y versiones anteriores, y otros productos Ionix; permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de paquetes dise\u00f1ados al puerto TCP 9002, tambi\u00e9n se conoce como Bug IDs CSCtn42961 y CSCtn64922, relacionados con un desbordamiento de b\u00fafer."
    }
  ],
  "id": "CVE-2011-2738",
  "lastModified": "2024-11-21T01:28:51.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-09-19T12:02:55.357",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45979"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46016"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46052"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46053"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.osvdb.org/75442"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securityfocus.com/archive/1/519646/100/0/threaded"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securityfocus.com/bid/49627"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securityfocus.com/bid/49644"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securitytracker.com/id?1026046"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securitytracker.com/id?1026047"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securitytracker.com/id?1026048"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securitytracker.com/id?1026059"
    },
    {
      "source": "security_alert@emc.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69828"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45979"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46016"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46053"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/75442"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/519646/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/49627"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/49644"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69828"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2009-05-21 14:30

Modified

2024-11-21 01:01

Severity ?

Summary

Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.

References

URL	Tags
ykramarz@cisco.com	http://jvn.jp/en/jp/JVN62527913/index.html
ykramarz@cisco.com	http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html
ykramarz@cisco.com	http://osvdb.org/54616
ykramarz@cisco.com	http://secunia.com/advisories/35179
ykramarz@cisco.com	http://securitytracker.com/id?1022263
ykramarz@cisco.com	http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml	Patch, Vendor Advisory
ykramarz@cisco.com	http://www.securityfocus.com/bid/35040
ykramarz@cisco.com	http://www.vupen.com/english/advisories/2009/1390
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN62527913/index.html
af854a3a-2127-422b-91ae-364da2661108	http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/54616
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35179
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1022263
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/35040
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1390

Impacted products

Vendor	Product	Version
cisco	ciscoworks_common_services	3.0.3
cisco	ciscoworks_common_services	3.0.4
cisco	ciscoworks_common_services	3.0.5
cisco	ciscoworks_common_services	3.0.6
cisco	ciscoworks_common_services	3.1
cisco	ciscoworks_common_services	3.1.1
cisco	ciscoworks_common_services	3.2
cisco	ciscoworks_health_and_utilization_monitor	1.0
cisco	ciscoworks_health_and_utilization_monitor	1.1
cisco	ciscoworks_lan_management_solution	2.5
cisco	ciscoworks_lan_management_solution	2.6
cisco	ciscoworks_lan_management_solution	3.0
cisco	ciscoworks_lan_management_solution	3.1
cisco	ciscoworks_qos_policy_manager	4.0
cisco	ciscoworks_qos_policy_manager	4.1
cisco	ciscoworks_voice_manager	3.0
cisco	ciscoworks_voice_manager	3.1
cisco	security_manager	3.0
cisco	security_manager	3.1
cisco	security_manager	3.2
cisco	telepresence_readiness_assessment_manager	1.0
cisco	unified_operations_manager	1.0
cisco	unified_operations_manager	1.1
cisco	unified_operations_manager	2.0
cisco	unified_operations_manager	2.1
cisco	unified_provisioning_manager	1.0
cisco	unified_provisioning_manager	1.1
cisco	unified_provisioning_manager	1.2
cisco	unified_provisioning_manager	1.3
cisco	unified_service_monitor	1.0
cisco	unified_service_monitor	1.1
cisco	unified_service_monitor	2.0
cisco	unified_service_monitor	2.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0.3:*:windows:*:*:*:*:*",
              "matchCriteriaId": "EFFC3AE9-1B61-44F8-938B-6363EDB2DD5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0.4:*:windows:*:*:*:*:*",
              "matchCriteriaId": "1BB12692-8BCD-4601-83AE-12F1AFD1EF03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0.5:*:windows:*:*:*:*:*",
              "matchCriteriaId": "1017A34C-A119-41D4-AE10-1E35FAFF0547",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0.6:*:windows:*:*:*:*:*",
              "matchCriteriaId": "5399066A-658B-4494-A291-DB20E0CE7687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "BD8374C6-D8A3-43CB-A9F7-8A71CD69BE9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.1.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "DC455CA4-A1F7-4614-9A6F-ABCB0C9026E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.2:*:windows:*:*:*:*:*",
              "matchCriteriaId": "F5941482-DB47-49E8-90BA-650073C3A233",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_health_and_utilization_monitor:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CC556B9-7073-41E3-8099-00B796F8B68B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_health_and_utilization_monitor:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "87814504-DC6B-41CA-873E-F46B2F71A3FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB783DD2-C6B7-406B-9DC4-E1BC832D025C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "57CBDA0C-EE71-459C-AFA1-9879C6727287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6CF9518-2D68-4E95-862B-54B622622B9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C446E75-5404-4875-AD94-DF953A7874FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_qos_policy_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A30B25F2-2DEB-4254-88DB-FA31AB6CA04D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_qos_policy_manager:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F77163A8-3F2F-473F-B776-A155D94011DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_voice_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1F143B9-20B4-4140-805F-5F709290D6E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_voice_manager:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "562CA8A8-C17E-4985-8EA0-E2CB61355FEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:security_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BE4D6E7-9884-4C7B-BD40-F8C08E78E93A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:security_manager:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "921F93B3-84A8-471B-9A3A-780C76BA3685",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:security_manager:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4686AD6B-CAB3-4CE5-9B13-D30613C614CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_readiness_assessment_manager:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "668AEB8D-4923-4EAE-A67A-979D7B816108",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC421340-135D-45AD-8E59-F1B62805ABEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5510F4F-93C9-4722-97F5-37A05B48C23D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C73FD728-7A22-4248-B4DA-62AB2704A411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "930EA844-7016-4EC3-833D-70D1B1DE6DA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_provisioning_manager:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C453852A-D639-4872-B8FE-AE7E2BC019A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_provisioning_manager:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D4D4CAE-582C-47F5-A3D5-CC1D3BE00308",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_provisioning_manager:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0337CC9-B682-4135-B5C8-745B41474EBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_provisioning_manager:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "14FC0DD7-81A3-4294-ACA5-0F8B05E7CC49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A5A8958-B3DE-443B-921F-3AE25FFBF615",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B2F5BDC-A768-4A07-92A2-1C9DF484C3A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6041F558-D641-4067-BBC8-EC23D0A1ED18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "56101F5A-4099-4027-859D-07CFE598F1B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en el servicio TFTP en Cisco CiscoWorks Common Services (CWCS) v3.0.x hasta v3.2.x en Windows, tambi\u00e9n utilizado en Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager y otros productos, lo que permite atacantes remotos acceder a ficheros arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2009-1161",
  "lastModified": "2024-11-21T01:01:48.360",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-05-21T14:30:00.390",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://jvn.jp/en/jp/JVN62527913/index.html"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://osvdb.org/54616"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://secunia.com/advisories/35179"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://securitytracker.com/id?1022263"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securityfocus.com/bid/35040"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.vupen.com/english/advisories/2009/1390"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN62527913/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/54616"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1022263"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/35040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1390"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-05-20 22:55

Modified

2024-11-21 01:25

Severity ?

Summary

Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716.

References

URL	Tags
ykramarz@cisco.com	http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html	Exploit
ykramarz@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=23086	Vendor Advisory
ykramarz@cisco.com	http://www.exploit-db.com/exploits/17304	Exploit
ykramarz@cisco.com	http://www.securityfocus.com/bid/47898
ykramarz@cisco.com	http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf	Exploit, URL Repurposed
ykramarz@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/67522
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=23086	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/17304	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/47898
af854a3a-2127-422b-91ae-364da2661108	http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf	Exploit, URL Repurposed
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/67522

Impacted products

Vendor	Product	Version
cisco	unified_operations_manager	*
cisco	unified_operations_manager	1.1
cisco	unified_operations_manager	2.0
cisco	unified_operations_manager	2.0.1
cisco	unified_operations_manager	2.0.2
cisco	unified_operations_manager	2.0.3
cisco	unified_operations_manager	2.1
cisco	unified_operations_manager	2.2
cisco	unified_operations_manager	2.3
cisco	unified_operations_manager	8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "690FA80D-A157-4D4E-980D-C9AA0009D853",
              "versionEndIncluding": "8.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5510F4F-93C9-4722-97F5-37A05B48C23D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C73FD728-7A22-4248-B4DA-62AB2704A411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD2DF29A-4E30-442C-BB14-F22D955B112A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CA03A21-13EF-476E-892B-D0A494779594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "107A78CC-8943-4D33-BE60-CBFC72FE405D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "930EA844-7016-4EC3-833D-70D1B1DE6DA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CA3DB6A-A1D4-4CB4-A62D-3269E27094D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D63D2042-C271-4671-9858-2DE4709BAD19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BF00348-D8E9-4FC0-A6EA-7B16707441A3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Cisco Unified Operations Manager (CUOM) anterior a v8.6, permite a atacantes remotos ejecuctar comandos SQL de su elecci\u00f3n a trav\u00e9s de (1) el par\u00e1metro CCMs de iptm/PRTestCreation.do o (2) el par\u00e1metro ccm de iptm/TelePresenceReportAction.do, tambi\u00e9n conocido c\u00f3mo Bug ID CSCtn61716."
    }
  ],
  "id": "CVE-2011-0960",
  "lastModified": "2024-11-21T01:25:12.470",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-05-20T22:55:02.953",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23086"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/17304"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securityfocus.com/bid/47898"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Exploit",
        "URL Repurposed"
      ],
      "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67522"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23086"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/17304"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/47898"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "URL Repurposed"
      ],
      "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67522"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-09-12 13:28

Modified

2024-11-21 01:57

Severity ?

Summary

Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969.

References

URL	Tags
ykramarz@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488	Vendor Advisory
ykramarz@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=30749
ykramarz@cisco.com	http://www.securityfocus.com/bid/62333
ykramarz@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/87026
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=30749
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/62333
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/87026

Impacted products

Vendor	Product	Version
cisco	prime_lan_management_solution	-
cisco	security_manager	*
cisco	unified_operations_manager	-
cisco	unified_service_monitor	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E09BFF1-6273-4BC4-9DFA-563F490E2754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AC03BFB-10FA-4276-930F-DB450E89DCD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3F10FFA-58FA-45BC-BD2A-7C01D8D02315",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB2F9E15-8B14-4CBB-B997-0DB94E9A5624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969."
    },
    {
      "lang": "es",
      "value": "Cisco Common Services, utilizado en Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, y Cisco Unified Operations Manager, no interactua apropiadamente con el componente ActiveMQ, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (agotamiento de memoria) a trav\u00e9s de sesiones TCP simult\u00e1neas, tambien conocidas como Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, y CSCuh95969."
    }
  ],
  "id": "CVE-2013-5488",
  "lastModified": "2024-11-21T01:57:34.377",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-12T13:28:32.207",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30749"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securityfocus.com/bid/62333"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/62333"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87026"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

All the vulnerabilites related to cisco - unified_operations_manager

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd