Search criteria

33 vulnerabilities found for unified_operations_manager by cisco

FKIE_CVE-2013-5488

Vulnerability from fkie_nvd - Published: 2013-09-12 13:28 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969.
References
psirt@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488Vendor Advisory
psirt@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=30749
psirt@cisco.comhttp://www.securityfocus.com/bid/62333
psirt@cisco.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/87026
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=30749
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/62333
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/87026
Impacted products
Vendor Product Version
cisco prime_lan_management_solution -
cisco security_manager *
cisco unified_operations_manager -
cisco unified_service_monitor -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E09BFF1-6273-4BC4-9DFA-563F490E2754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AC03BFB-10FA-4276-930F-DB450E89DCD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3F10FFA-58FA-45BC-BD2A-7C01D8D02315",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB2F9E15-8B14-4CBB-B997-0DB94E9A5624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969."
    },
    {
      "lang": "es",
      "value": "Cisco Common Services, utilizado en Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, y Cisco Unified Operations Manager, no interactua apropiadamente con el componente ActiveMQ, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (agotamiento de memoria) a trav\u00e9s de sesiones TCP simult\u00e1neas, tambien conocidas como Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, y CSCuh95969."
    }
  ],
  "id": "CVE-2013-5488",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-12T13:28:32.207",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30749"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/62333"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/62333"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87026"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2013-3440

Vulnerability from fkie_nvd - Published: 2013-07-23 17:20 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186.
References
psirt@cisco.comhttp://osvdb.org/95584
psirt@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3440Vendor Advisory
psirt@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=30175Vendor Advisory
psirt@cisco.comhttp://www.securityfocus.com/bid/61414
psirt@cisco.comhttp://www.securitytracker.com/id/1028819
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/95584
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3440Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=30175Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/61414
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1028819
Impacted products
Vendor Product Version
cisco unified_operations_manager -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3F10FFA-58FA-45BC-BD2A-7C01D8D02315",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades XSS en el interfaz web de administraci\u00f3n de Cisco Unified Operations Manager, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias y obtener cookies seguras a trav\u00e9s de vectores no especificados. Aka Bug ID CSCud80186."
    }
  ],
  "id": "CVE-2013-3440",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-07-23T17:20:53.237",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://osvdb.org/95584"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3440"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30175"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/61414"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1028819"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/95584"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3440"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30175"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/61414"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1028819"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2013-3439

Vulnerability from fkie_nvd - Published: 2013-07-23 17:20 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182.
References
psirt@cisco.comhttp://osvdb.org/95585
psirt@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3439Vendor Advisory
psirt@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=30174Vendor Advisory
psirt@cisco.comhttp://www.securityfocus.com/bid/61416
psirt@cisco.comhttp://www.securitytracker.com/id/1028825
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/95585
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3439Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=30174Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/61416
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1028825
Impacted products
Vendor Product Version
cisco unified_operations_manager -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3F10FFA-58FA-45BC-BD2A-7C01D8D02315",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades XSS en Cisco Unified Operations Manager, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s de una URL manipulada en un campo en la cabecera de un HTML. Aka Bug ID CSCud80182."
    }
  ],
  "id": "CVE-2013-3439",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-07-23T17:20:53.230",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://osvdb.org/95585"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3439"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30174"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/61416"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1028825"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/95585"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30174"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/61416"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1028825"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2013-3437

Vulnerability from fkie_nvd - Published: 2013-07-23 11:03 - Updated: 2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179.
References
psirt@cisco.comhttp://osvdb.org/95472
psirt@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3437Vendor Advisory
psirt@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=30153Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/95472
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3437Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=30153Vendor Advisory
Impacted products
Vendor Product Version
cisco unified_operations_manager -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3F10FFA-58FA-45BC-BD2A-7C01D8D02315",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en Cisco Unified Operations Manager, permite a usuarios autenticados la ejecuci\u00f3n arbitraria de comandos SQL a trav\u00e9s de un campo de entrada. Aka Bug ID CSCud80179."
    }
  ],
  "id": "CVE-2013-3437",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-07-23T11:03:02.037",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://osvdb.org/95472"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3437"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/95472"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3437"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30153"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2013-3416

Vulnerability from fkie_nvd - Published: 2013-07-10 21:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuh47574 and CSCuh95997.
References
psirt@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3416
psirt@cisco.comhttp://www.securitytracker.com/id/1028765
psirt@cisco.comhttp://www.securitytracker.com/id/1028766
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3416
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1028765
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1028766
Impacted products
Vendor Product Version
cisco unified_operations_manager -
cisco unified_service_monitor -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3F10FFA-58FA-45BC-BD2A-7C01D8D02315",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB2F9E15-8B14-4CBB-B997-0DB94E9A5624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuh47574 and CSCuh95997."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el framework web en la implementaci\u00f3n del gestor de comunicaciones en Cisco Unified Operations Manager y Unified Service Monitor, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un par\u00e1metro no especificado, tambi\u00e9n conocido como Bug IDs CSCuh47574 y CSCuh95997."
    }
  ],
  "id": "CVE-2013-3416",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-07-10T21:55:00.947",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3416"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1028765"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1028766"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3416"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1028765"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1028766"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2011-2738

Vulnerability from fkie_nvd - Published: 2011-09-19 12:02 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow.
References
security_alert@emc.comhttp://secunia.com/advisories/45979Vendor Advisory
security_alert@emc.comhttp://secunia.com/advisories/46016Vendor Advisory
security_alert@emc.comhttp://secunia.com/advisories/46052Vendor Advisory
security_alert@emc.comhttp://secunia.com/advisories/46053Vendor Advisory
security_alert@emc.comhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtmlVendor Advisory
security_alert@emc.comhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtmlVendor Advisory
security_alert@emc.comhttp://www.osvdb.org/75442
security_alert@emc.comhttp://www.securityfocus.com/archive/1/519646/100/0/threaded
security_alert@emc.comhttp://www.securityfocus.com/bid/49627
security_alert@emc.comhttp://www.securityfocus.com/bid/49644
security_alert@emc.comhttp://www.securitytracker.com/id?1026046
security_alert@emc.comhttp://www.securitytracker.com/id?1026047
security_alert@emc.comhttp://www.securitytracker.com/id?1026048
security_alert@emc.comhttp://www.securitytracker.com/id?1026059
security_alert@emc.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/69828
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/45979Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/46016Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/46052Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/46053Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/75442
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/519646/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/49627
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/49644
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1026046
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1026047
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1026048
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1026059
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/69828
Impacted products
Vendor Product Version
cisco unified_service_monitor *
cisco unified_service_monitor 1.1
cisco unified_service_monitor 2.0
cisco unified_service_monitor 2.0.1
cisco unified_service_monitor 2.1
cisco unified_service_monitor 2.2
cisco unified_service_monitor 2.3
cisco unified_service_monitor 8.0
cisco ciscoworks_lan_management_solution 3.0
cisco ciscoworks_lan_management_solution 3.0
cisco ciscoworks_lan_management_solution 3.1
cisco ciscoworks_lan_management_solution 3.2
cisco ciscoworks_lan_management_solution 4.0
cisco ciscoworks_lan_management_solution 4.0.1
cisco unified_operations_manager *
cisco unified_operations_manager 1.0
cisco unified_operations_manager 1.1
cisco unified_operations_manager 2.0
cisco unified_operations_manager 2.0.1
cisco unified_operations_manager 2.0.2
cisco unified_operations_manager 2.0.3
cisco unified_operations_manager 2.1
cisco unified_operations_manager 2.2
cisco unified_operations_manager 2.3
cisco unified_operations_manager 8.0
emc ionix_acm *
emc ionix_asam *
emc ionix_ip *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F9DA2FE-4D4A-4050-AA4E-E600B85B6CD1",
              "versionEndIncluding": "8.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B2F5BDC-A768-4A07-92A2-1C9DF484C3A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6041F558-D641-4067-BBC8-EC23D0A1ED18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA713155-3826-401C-88E6-5D556513877A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "56101F5A-4099-4027-859D-07CFE598F1B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "457D7ED3-5F22-47E0-9849-39229F893774",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C7A0546-10A3-4E3F-83B8-A8C12CCCC745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "814A0932-E5B5-4B2C-8216-433E0D6C4238",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6CF9518-2D68-4E95-862B-54B622622B9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.0:december_2007:*:*:*:*:*:*",
              "matchCriteriaId": "D81D6312-9A3E-483D-BBFC-C7688B3872A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C446E75-5404-4875-AD94-DF953A7874FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD8493C0-A3FF-473A-BFD5-DB6051AE8DCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30403ADA-2382-402D-AAD3-6E86F8E23616",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0810DAF4-2D1B-4B48-9DD1-BC417B3C7E04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "690FA80D-A157-4D4E-980D-C9AA0009D853",
              "versionEndIncluding": "8.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC421340-135D-45AD-8E59-F1B62805ABEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5510F4F-93C9-4722-97F5-37A05B48C23D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C73FD728-7A22-4248-B4DA-62AB2704A411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD2DF29A-4E30-442C-BB14-F22D955B112A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CA03A21-13EF-476E-892B-D0A494779594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "107A78CC-8943-4D33-BE60-CBFC72FE405D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "930EA844-7016-4EC3-833D-70D1B1DE6DA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CA3DB6A-A1D4-4CB4-A62D-3269E27094D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D63D2042-C271-4671-9858-2DE4709BAD19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BF00348-D8E9-4FC0-A6EA-7B16707441A3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:ionix_acm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "78FD3AEC-D4FF-49BB-86F1-8E90133E2418",
              "versionEndIncluding": "2.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:ionix_asam:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD264FD3-A076-4414-B159-D9A81B15A026",
              "versionEndIncluding": "3.2.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:ionix_ip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A30BC92-680F-455D-A3A9-6690F78F485D",
              "versionEndIncluding": "8.1.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades no especificadas en Unified Service Monitor de Cisco anterior a versi\u00f3n 8.6, tal y como es usado en Unified Operations Manager anterior a versi\u00f3n 8.6 y CiscoWorks LAN Management Solution versiones 3.x y 4.x anteriores a 4.1; y m\u00faltiples productos de Ionix de EMC, incluido Application Connectivity Monitor (Ionix ACM) versi\u00f3n 2.3 y versiones anteriores, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) versi\u00f3n 3.2.0.2 y anteriores, IP Management Suite (Ionix IP) versi\u00f3n 8.1.1.1 y versiones anteriores, y otros productos Ionix; permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de paquetes dise\u00f1ados al puerto TCP 9002, tambi\u00e9n se conoce como Bug IDs CSCtn42961 y CSCtn64922, relacionados con un desbordamiento de b\u00fafer."
    }
  ],
  "id": "CVE-2011-2738",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-09-19T12:02:55.357",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45979"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46016"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46052"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46053"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.osvdb.org/75442"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securityfocus.com/archive/1/519646/100/0/threaded"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securityfocus.com/bid/49627"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securityfocus.com/bid/49644"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securitytracker.com/id?1026046"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securitytracker.com/id?1026047"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securitytracker.com/id?1026048"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securitytracker.com/id?1026059"
    },
    {
      "source": "security_alert@emc.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69828"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45979"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46016"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46053"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/75442"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/519646/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/49627"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/49644"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69828"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2011-0962

Vulnerability from fkie_nvd - Published: 2011-05-20 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712.
References
psirt@cisco.comhttp://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.htmlExploit
psirt@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=23087
psirt@cisco.comhttp://www.exploit-db.com/exploits/17304Exploit
psirt@cisco.comhttp://www.senseofsecurity.com.au/advisories/SOS-11-006.pdfExploit, URL Repurposed
psirt@cisco.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/67524
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=23087
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/17304Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdfExploit, URL Repurposed
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/67524
Impacted products
Vendor Product Version
cisco unified_operations_manager *
cisco unified_operations_manager 1.1
cisco unified_operations_manager 2.0
cisco unified_operations_manager 2.0.1
cisco unified_operations_manager 2.0.2
cisco unified_operations_manager 2.0.3
cisco unified_operations_manager 2.1
cisco unified_operations_manager 2.2
cisco unified_operations_manager 2.3
cisco unified_operations_manager 8.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "690FA80D-A157-4D4E-980D-C9AA0009D853",
              "versionEndIncluding": "8.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5510F4F-93C9-4722-97F5-37A05B48C23D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C73FD728-7A22-4248-B4DA-62AB2704A411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD2DF29A-4E30-442C-BB14-F22D955B112A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CA03A21-13EF-476E-892B-D0A494779594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "107A78CC-8943-4D33-BE60-CBFC72FE405D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "930EA844-7016-4EC3-833D-70D1B1DE6DA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CA3DB6A-A1D4-4CB4-A62D-3269E27094D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D63D2042-C271-4671-9858-2DE4709BAD19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BF00348-D8E9-4FC0-A6EA-7B16707441A3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine en el Common Services Device Center en Cisco Unified Operations Manager (CUOM) anterior a v8.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"tag\", tambi\u00e9n conocido como Bug ID CSCto12712."
    }
  ],
  "id": "CVE-2011-0962",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-05-20T22:55:03.033",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23087"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/17304"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Exploit",
        "URL Repurposed"
      ],
      "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67524"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23087"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/17304"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "URL Repurposed"
      ],
      "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67524"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2011-0959

Vulnerability from fkie_nvd - Published: 2011-05-20 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.
References
psirt@cisco.comhttp://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.htmlExploit
psirt@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=23085Vendor Advisory
psirt@cisco.comhttp://www.exploit-db.com/exploits/17304Exploit
psirt@cisco.comhttp://www.senseofsecurity.com.au/advisories/SOS-11-006.pdfExploit, URL Repurposed
psirt@cisco.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/67521
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=23085Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/17304Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdfExploit, URL Repurposed
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/67521
Impacted products
Vendor Product Version
cisco unified_operations_manager *
cisco unified_operations_manager 1.1
cisco unified_operations_manager 2.0
cisco unified_operations_manager 2.0.1
cisco unified_operations_manager 2.0.2
cisco unified_operations_manager 2.0.3
cisco unified_operations_manager 2.1
cisco unified_operations_manager 2.2
cisco unified_operations_manager 2.3
cisco unified_operations_manager 8.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "690FA80D-A157-4D4E-980D-C9AA0009D853",
              "versionEndIncluding": "8.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5510F4F-93C9-4722-97F5-37A05B48C23D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C73FD728-7A22-4248-B4DA-62AB2704A411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD2DF29A-4E30-442C-BB14-F22D955B112A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CA03A21-13EF-476E-892B-D0A494779594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "107A78CC-8943-4D33-BE60-CBFC72FE405D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "930EA844-7016-4EC3-833D-70D1B1DE6DA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CA3DB6A-A1D4-4CB4-A62D-3269E27094D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D63D2042-C271-4671-9858-2DE4709BAD19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BF00348-D8E9-4FC0-A6EA-7B16707441A3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Cisco Unified Operations Manager (CUOM) antes de v8.6, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) el par\u00e1metro extn de iptm/advancedfind.do, (2) el par\u00e1metro deviceInstanceName de iptm/ddv.do, el (3) cmd o (4) el par\u00e1metro group de iptm/eventmon, el par\u00e1metro (5) clusterName o (6) deviceName de iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, o el par\u00e1metro (7) ccmName o (8) clusterName de iptm/logicalTopo.do, tambi\u00e9n conocido como Bug ID CSCtn61716."
    }
  ],
  "id": "CVE-2011-0959",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-05-20T22:55:02.907",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/17304"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Exploit",
        "URL Repurposed"
      ],
      "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/17304"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "URL Repurposed"
      ],
      "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67521"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2011-0960

Vulnerability from fkie_nvd - Published: 2011-05-20 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716.
References
psirt@cisco.comhttp://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.htmlExploit
psirt@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=23086Vendor Advisory
psirt@cisco.comhttp://www.exploit-db.com/exploits/17304Exploit
psirt@cisco.comhttp://www.securityfocus.com/bid/47898
psirt@cisco.comhttp://www.senseofsecurity.com.au/advisories/SOS-11-006.pdfExploit, URL Repurposed
psirt@cisco.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/67522
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=23086Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/17304Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/47898
af854a3a-2127-422b-91ae-364da2661108http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdfExploit, URL Repurposed
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/67522
Impacted products
Vendor Product Version
cisco unified_operations_manager *
cisco unified_operations_manager 1.1
cisco unified_operations_manager 2.0
cisco unified_operations_manager 2.0.1
cisco unified_operations_manager 2.0.2
cisco unified_operations_manager 2.0.3
cisco unified_operations_manager 2.1
cisco unified_operations_manager 2.2
cisco unified_operations_manager 2.3
cisco unified_operations_manager 8.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "690FA80D-A157-4D4E-980D-C9AA0009D853",
              "versionEndIncluding": "8.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5510F4F-93C9-4722-97F5-37A05B48C23D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C73FD728-7A22-4248-B4DA-62AB2704A411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD2DF29A-4E30-442C-BB14-F22D955B112A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CA03A21-13EF-476E-892B-D0A494779594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "107A78CC-8943-4D33-BE60-CBFC72FE405D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "930EA844-7016-4EC3-833D-70D1B1DE6DA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CA3DB6A-A1D4-4CB4-A62D-3269E27094D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D63D2042-C271-4671-9858-2DE4709BAD19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BF00348-D8E9-4FC0-A6EA-7B16707441A3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Cisco Unified Operations Manager (CUOM) anterior a v8.6, permite a atacantes remotos ejecuctar comandos SQL de su elecci\u00f3n a trav\u00e9s de (1) el par\u00e1metro CCMs de iptm/PRTestCreation.do o (2) el par\u00e1metro ccm de iptm/TelePresenceReportAction.do, tambi\u00e9n conocido c\u00f3mo Bug ID CSCtn61716."
    }
  ],
  "id": "CVE-2011-0960",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-05-20T22:55:02.953",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23086"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/17304"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/47898"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Exploit",
        "URL Repurposed"
      ],
      "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67522"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23086"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/17304"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/47898"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "URL Repurposed"
      ],
      "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67522"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2010-3036

Vulnerability from fkie_nvd - Published: 2010-10-29 19:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352.
References
psirt@cisco.comhttp://osvdb.org/68927
psirt@cisco.comhttp://secunia.com/advisories/42011Vendor Advisory
psirt@cisco.comhttp://securitytracker.com/id?1024646
psirt@cisco.comhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtmlPatch, Vendor Advisory
psirt@cisco.comhttp://www.securityfocus.com/bid/44468Patch
psirt@cisco.comhttp://www.vupen.com/english/advisories/2010/2793Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/68927
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42011Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1024646
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/44468Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/2793Vendor Advisory
Impacted products
Vendor Product Version
cisco ciscoworks_common_services 3.0.5
cisco ciscoworks_common_services 3.0.6
cisco ciscoworks_common_services 3.1
cisco ciscoworks_common_services 3.1.1
cisco ciscoworks_common_services 3.2
cisco ciscoworks_common_services 3.3
cisco ciscoworks_lan_management_solution 2.6
cisco ciscoworks_lan_management_solution 3.0
cisco ciscoworks_lan_management_solution 3.0
cisco ciscoworks_lan_management_solution 3.1
cisco ciscoworks_lan_management_solution 3.2
cisco qos_policy_manager 4.0
cisco qos_policy_manager 4.0.1
cisco qos_policy_manager 4.0.2
cisco security_manager 3.0.2
cisco security_manager 3.2
cisco telepresence_readiness_assessment_manager 1.0
cisco unified_operations_manager 2.0.1
cisco unified_operations_manager 2.0.2
cisco unified_operations_manager 2.0.3
cisco unified_service_monitor 2.0.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88AD3EC2-36B1-4E34-BD7F-B1D02B32178A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CC9C408-0BE2-45A6-ACB3-B9EBB22BC773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "499CD64C-8692-4BE7-8F5E-5964ACDA1972",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2152A29-7074-4659-AA8A-BB3E793ED4A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "518309CD-F453-4B0B-8C1D-E534CE0E336B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "22DE1462-59AC-40BE-89DF-AB43CA3EC7BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:2.6:update:*:*:*:*:*:*",
              "matchCriteriaId": "3D8B4ED2-15B4-4FE1-A159-D6435B5DCA5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6CF9518-2D68-4E95-862B-54B622622B9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.0:december_2007:*:*:*:*:*:*",
              "matchCriteriaId": "D81D6312-9A3E-483D-BBFC-C7688B3872A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C446E75-5404-4875-AD94-DF953A7874FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD8493C0-A3FF-473A-BFD5-DB6051AE8DCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:qos_policy_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BEE8595-B861-4DAB-9708-B2DA30C36C77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:qos_policy_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "96C5C060-E09E-4F28-9B87-0417DBFB9368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:qos_policy_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83FCE4EC-B432-4768-BF3A-F1A29BD6B4B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:security_manager:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F831EEB-A499-4C76-A085-52F3D750E0FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:security_manager:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4686AD6B-CAB3-4CE5-9B13-D30613C614CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_readiness_assessment_manager:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "668AEB8D-4923-4EAE-A67A-979D7B816108",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD2DF29A-4E30-442C-BB14-F22D955B112A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CA03A21-13EF-476E-892B-D0A494779594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "107A78CC-8943-4D33-BE60-CBFC72FE405D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA713155-3826-401C-88E6-5D556513877A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352."
    },
    {
      "lang": "es",
      "value": "Multiples desbordamientos de b\u00fafer en la funci\u00f3n de autenticaci\u00f3n en el m\u00f3dulo web-server de Cisco CiscoWorks Common Services anterior a v4.0 permite a los atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n a trav\u00e9s de sesiones TCP en el puerto (1) 443 o (2) 1741, tambi\u00e9n conocido como \"Bug ID CSCti41352\"."
    }
  ],
  "id": "CVE-2010-3036",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-10-29T19:00:02.013",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://osvdb.org/68927"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42011"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://securitytracker.com/id?1024646"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/44468"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2793"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/68927"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1024646"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/44468"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2793"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2013-5488 (GCVE-0-2013-5488)

Vulnerability from cvelistv5 – Published: 2013-09-12 01:00 – Updated: 2024-08-06 17:15
VLAI?
Summary
Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:20.253Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30749"
          },
          {
            "name": "cisco-cve20135488-dos(87026)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87026"
          },
          {
            "name": "20130911 Common Services ActiveMQ Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488"
          },
          {
            "name": "62333",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62333"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30749"
        },
        {
          "name": "cisco-cve20135488-dos(87026)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87026"
        },
        {
          "name": "20130911 Common Services ActiveMQ Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488"
        },
        {
          "name": "62333",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/62333"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5488",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30749",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30749"
            },
            {
              "name": "cisco-cve20135488-dos(87026)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87026"
            },
            {
              "name": "20130911 Common Services ActiveMQ Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488"
            },
            {
              "name": "62333",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/62333"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-5488",
    "datePublished": "2013-09-12T01:00:00",
    "dateReserved": "2013-08-22T00:00:00",
    "dateUpdated": "2024-08-06T17:15:20.253Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-3439 (GCVE-0-2013-3439)

Vulnerability from cvelistv5 – Published: 2013-07-23 17:00 – Updated: 2024-08-06 16:07
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
http://www.securityfocus.com/bid/61416 vdb-entryx_refsource_BID
http://osvdb.org/95585 vdb-entryx_refsource_OSVDB
http://tools.cisco.com/security/center/viewAlert.… x_refsource_CONFIRM
http://www.securitytracker.com/id/1028825 vdb-entryx_refsource_SECTRACK
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:37.952Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130722 Cisco Unified Operations Manager HTTP Header Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3439"
          },
          {
            "name": "61416",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/61416"
          },
          {
            "name": "95585",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/95585"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30174"
          },
          {
            "name": "1028825",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1028825"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-07-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-17T21:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130722 Cisco Unified Operations Manager HTTP Header Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3439"
        },
        {
          "name": "61416",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/61416"
        },
        {
          "name": "95585",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/95585"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30174"
        },
        {
          "name": "1028825",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1028825"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-3439",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130722 Cisco Unified Operations Manager HTTP Header Injection Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3439"
            },
            {
              "name": "61416",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/61416"
            },
            {
              "name": "95585",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/95585"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30174",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30174"
            },
            {
              "name": "1028825",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1028825"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-3439",
    "datePublished": "2013-07-23T17:00:00",
    "dateReserved": "2013-05-06T00:00:00",
    "dateUpdated": "2024-08-06T16:07:37.952Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-3440 (GCVE-0-2013-3440)

Vulnerability from cvelistv5 – Published: 2013-07-23 17:00 – Updated: 2024-08-06 16:07
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
http://tools.cisco.com/security/center/viewAlert.… x_refsource_CONFIRM
http://www.securityfocus.com/bid/61414 vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1028819 vdb-entryx_refsource_SECTRACK
http://osvdb.org/95584 vdb-entryx_refsource_OSVDB
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:37.923Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130722 Cisco Unified Operations Manager Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3440"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30175"
          },
          {
            "name": "61414",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/61414"
          },
          {
            "name": "1028819",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1028819"
          },
          {
            "name": "95584",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/95584"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-07-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-17T21:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130722 Cisco Unified Operations Manager Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3440"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30175"
        },
        {
          "name": "61414",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/61414"
        },
        {
          "name": "1028819",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1028819"
        },
        {
          "name": "95584",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/95584"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-3440",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130722 Cisco Unified Operations Manager Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3440"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30175",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30175"
            },
            {
              "name": "61414",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/61414"
            },
            {
              "name": "1028819",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1028819"
            },
            {
              "name": "95584",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/95584"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-3440",
    "datePublished": "2013-07-23T17:00:00",
    "dateReserved": "2013-05-06T00:00:00",
    "dateUpdated": "2024-08-06T16:07:37.923Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-3437 (GCVE-0-2013-3437)

Vulnerability from cvelistv5 – Published: 2013-07-22 14:00 – Updated: 2024-08-06 16:07
VLAI?
Summary
SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://osvdb.org/95472 vdb-entryx_refsource_OSVDB
http://tools.cisco.com/security/center/viewAlert.… x_refsource_CONFIRM
http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:37.908Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "95472",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/95472"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30153"
          },
          {
            "name": "20130719 Cisco Unified Operations Manager SQL Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3437"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-07-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-01-22T14:57:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "95472",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/95472"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30153"
        },
        {
          "name": "20130719 Cisco Unified Operations Manager SQL Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3437"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-3437",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "95472",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/95472"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30153",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30153"
            },
            {
              "name": "20130719 Cisco Unified Operations Manager SQL Injection Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3437"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-3437",
    "datePublished": "2013-07-22T14:00:00",
    "dateReserved": "2013-05-06T00:00:00",
    "dateUpdated": "2024-08-06T16:07:37.908Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-3416 (GCVE-0-2013-3416)

Vulnerability from cvelistv5 – Published: 2013-07-10 21:00 – Updated: 2024-08-06 16:07
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuh47574 and CSCuh95997.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securitytracker.com/id/1028765 vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1028766 vdb-entryx_refsource_SECTRACK
http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:37.929Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1028765",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1028765"
          },
          {
            "name": "1028766",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1028766"
          },
          {
            "name": "20130709 Cisco Unified Communications Management Products Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3416"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-07-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuh47574 and CSCuh95997."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-08-20T09:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1028765",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1028765"
        },
        {
          "name": "1028766",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1028766"
        },
        {
          "name": "20130709 Cisco Unified Communications Management Products Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3416"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-3416",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuh47574 and CSCuh95997."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1028765",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1028765"
            },
            {
              "name": "1028766",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1028766"
            },
            {
              "name": "20130709 Cisco Unified Communications Management Products Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3416"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-3416",
    "datePublished": "2013-07-10T21:00:00",
    "dateReserved": "2013-05-06T00:00:00",
    "dateUpdated": "2024-08-06T16:07:37.929Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-2738 (GCVE-0-2011-2738)

Vulnerability from cvelistv5 – Published: 2011-09-17 10:00 – Updated: 2024-08-06 23:08
VLAI?
Summary
Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/46052 third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1026048 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/46053 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/45979 third-party-advisoryx_refsource_SECUNIA
http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
http://www.osvdb.org/75442 vdb-entryx_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://secunia.com/advisories/46016 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/49627 vdb-entryx_refsource_BID
http://www.securityfocus.com/bid/49644 vdb-entryx_refsource_BID
http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
http://www.securitytracker.com/id?1026059 vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id?1026047 vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id?1026046 vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/archive/1/519646/100… mailing-listx_refsource_BUGTRAQ
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:08:23.911Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "46052",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46052"
          },
          {
            "name": "1026048",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026048"
          },
          {
            "name": "46053",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46053"
          },
          {
            "name": "45979",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45979"
          },
          {
            "name": "20110914 CiscoWorks LAN Management Solution Remote Code Execution Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml"
          },
          {
            "name": "75442",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/75442"
          },
          {
            "name": "cisco-unspecified-code-execution(69828)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69828"
          },
          {
            "name": "46016",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46016"
          },
          {
            "name": "49627",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/49627"
          },
          {
            "name": "49644",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/49644"
          },
          {
            "name": "20110914 Cisco Unified Service Monitor and Cisco Unified Operations Manager Remote Code Execution Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml"
          },
          {
            "name": "1026059",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026059"
          },
          {
            "name": "1026047",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026047"
          },
          {
            "name": "1026046",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026046"
          },
          {
            "name": "20110914 ESA-2011-029: Buffer overflow vulnerability in multiple EMC Ionix products",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/519646/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-09-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "46052",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46052"
        },
        {
          "name": "1026048",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026048"
        },
        {
          "name": "46053",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46053"
        },
        {
          "name": "45979",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45979"
        },
        {
          "name": "20110914 CiscoWorks LAN Management Solution Remote Code Execution Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml"
        },
        {
          "name": "75442",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/75442"
        },
        {
          "name": "cisco-unspecified-code-execution(69828)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69828"
        },
        {
          "name": "46016",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46016"
        },
        {
          "name": "49627",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/49627"
        },
        {
          "name": "49644",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/49644"
        },
        {
          "name": "20110914 Cisco Unified Service Monitor and Cisco Unified Operations Manager Remote Code Execution Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml"
        },
        {
          "name": "1026059",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026059"
        },
        {
          "name": "1026047",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026047"
        },
        {
          "name": "1026046",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026046"
        },
        {
          "name": "20110914 ESA-2011-029: Buffer overflow vulnerability in multiple EMC Ionix products",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/519646/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2011-2738",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "46052",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46052"
            },
            {
              "name": "1026048",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026048"
            },
            {
              "name": "46053",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46053"
            },
            {
              "name": "45979",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45979"
            },
            {
              "name": "20110914 CiscoWorks LAN Management Solution Remote Code Execution Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml"
            },
            {
              "name": "75442",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/75442"
            },
            {
              "name": "cisco-unspecified-code-execution(69828)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69828"
            },
            {
              "name": "46016",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46016"
            },
            {
              "name": "49627",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/49627"
            },
            {
              "name": "49644",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/49644"
            },
            {
              "name": "20110914 Cisco Unified Service Monitor and Cisco Unified Operations Manager Remote Code Execution Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml"
            },
            {
              "name": "1026059",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026059"
            },
            {
              "name": "1026047",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026047"
            },
            {
              "name": "1026046",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026046"
            },
            {
              "name": "20110914 ESA-2011-029: Buffer overflow vulnerability in multiple EMC Ionix products",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/519646/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2011-2738",
    "datePublished": "2011-09-17T10:00:00",
    "dateReserved": "2011-07-13T00:00:00",
    "dateUpdated": "2024-08-06T23:08:23.911Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-0959 (GCVE-0-2011-0959)

Vulnerability from cvelistv5 – Published: 2011-05-20 22:00 – Updated: 2024-08-06 22:14
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:14:26.542Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
          },
          {
            "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
          },
          {
            "name": "17304",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/17304"
          },
          {
            "name": "cisco-uom-multiple-xss(67521)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67521"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
        },
        {
          "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
        },
        {
          "name": "17304",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/17304"
        },
        {
          "name": "cisco-uom-multiple-xss(67521)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67521"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2011-0959",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085"
            },
            {
              "name": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf",
              "refsource": "MISC",
              "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
            },
            {
              "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
            },
            {
              "name": "17304",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/17304"
            },
            {
              "name": "cisco-uom-multiple-xss(67521)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67521"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2011-0959",
    "datePublished": "2011-05-20T22:00:00",
    "dateReserved": "2011-02-10T00:00:00",
    "dateUpdated": "2024-08-06T22:14:26.542Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-0960 (GCVE-0-2011-0960)

Vulnerability from cvelistv5 – Published: 2011-05-20 22:00 – Updated: 2024-08-06 22:14
VLAI?
Summary
Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:14:26.483Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "47898",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47898"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23086"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
          },
          {
            "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
          },
          {
            "name": "17304",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/17304"
          },
          {
            "name": "cuom-prtestcreation-sql-injection(67522)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67522"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "47898",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47898"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23086"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
        },
        {
          "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
        },
        {
          "name": "17304",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/17304"
        },
        {
          "name": "cuom-prtestcreation-sql-injection(67522)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67522"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2011-0960",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "47898",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47898"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23086",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23086"
            },
            {
              "name": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf",
              "refsource": "MISC",
              "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
            },
            {
              "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
            },
            {
              "name": "17304",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/17304"
            },
            {
              "name": "cuom-prtestcreation-sql-injection(67522)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67522"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2011-0960",
    "datePublished": "2011-05-20T22:00:00",
    "dateReserved": "2011-02-10T00:00:00",
    "dateUpdated": "2024-08-06T22:14:26.483Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-0962 (GCVE-0-2011-0962)

Vulnerability from cvelistv5 – Published: 2011-05-20 22:00 – Updated: 2024-08-06 22:14
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:14:26.588Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23087"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
          },
          {
            "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
          },
          {
            "name": "17304",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/17304"
          },
          {
            "name": "cisco-uom-common-services-xss(67524)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67524"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23087"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
        },
        {
          "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
        },
        {
          "name": "17304",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/17304"
        },
        {
          "name": "cisco-uom-common-services-xss(67524)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67524"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2011-0962",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23087",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23087"
            },
            {
              "name": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf",
              "refsource": "MISC",
              "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
            },
            {
              "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
            },
            {
              "name": "17304",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/17304"
            },
            {
              "name": "cisco-uom-common-services-xss(67524)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67524"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2011-0962",
    "datePublished": "2011-05-20T22:00:00",
    "dateReserved": "2011-02-10T00:00:00",
    "dateUpdated": "2024-08-06T22:14:26.588Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-3036 (GCVE-0-2010-3036)

Vulnerability from cvelistv5 – Published: 2010-10-29 18:00 – Updated: 2024-08-07 02:55
VLAI?
Summary
Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://osvdb.org/68927 vdb-entryx_refsource_OSVDB
http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
http://securitytracker.com/id?1024646 vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/44468 vdb-entryx_refsource_BID
http://secunia.com/advisories/42011 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/2793 vdb-entryx_refsource_VUPEN
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:55:46.619Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "68927",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/68927"
          },
          {
            "name": "20101027 CiscoWorks Common Services Arbitrary Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml"
          },
          {
            "name": "1024646",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1024646"
          },
          {
            "name": "44468",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/44468"
          },
          {
            "name": "42011",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42011"
          },
          {
            "name": "ADV-2010-2793",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2793"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-11-06T09:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "68927",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/68927"
        },
        {
          "name": "20101027 CiscoWorks Common Services Arbitrary Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml"
        },
        {
          "name": "1024646",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1024646"
        },
        {
          "name": "44468",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/44468"
        },
        {
          "name": "42011",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42011"
        },
        {
          "name": "ADV-2010-2793",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2793"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2010-3036",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "68927",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/68927"
            },
            {
              "name": "20101027 CiscoWorks Common Services Arbitrary Code Execution Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml"
            },
            {
              "name": "1024646",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1024646"
            },
            {
              "name": "44468",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/44468"
            },
            {
              "name": "42011",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42011"
            },
            {
              "name": "ADV-2010-2793",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2793"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2010-3036",
    "datePublished": "2010-10-29T18:00:00",
    "dateReserved": "2010-08-17T00:00:00",
    "dateUpdated": "2024-08-07T02:55:46.619Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-5488 (GCVE-0-2013-5488)

Vulnerability from nvd – Published: 2013-09-12 01:00 – Updated: 2024-08-06 17:15
VLAI?
Summary
Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:20.253Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30749"
          },
          {
            "name": "cisco-cve20135488-dos(87026)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87026"
          },
          {
            "name": "20130911 Common Services ActiveMQ Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488"
          },
          {
            "name": "62333",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62333"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30749"
        },
        {
          "name": "cisco-cve20135488-dos(87026)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87026"
        },
        {
          "name": "20130911 Common Services ActiveMQ Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488"
        },
        {
          "name": "62333",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/62333"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5488",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30749",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30749"
            },
            {
              "name": "cisco-cve20135488-dos(87026)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87026"
            },
            {
              "name": "20130911 Common Services ActiveMQ Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488"
            },
            {
              "name": "62333",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/62333"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-5488",
    "datePublished": "2013-09-12T01:00:00",
    "dateReserved": "2013-08-22T00:00:00",
    "dateUpdated": "2024-08-06T17:15:20.253Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-3439 (GCVE-0-2013-3439)

Vulnerability from nvd – Published: 2013-07-23 17:00 – Updated: 2024-08-06 16:07
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
http://www.securityfocus.com/bid/61416 vdb-entryx_refsource_BID
http://osvdb.org/95585 vdb-entryx_refsource_OSVDB
http://tools.cisco.com/security/center/viewAlert.… x_refsource_CONFIRM
http://www.securitytracker.com/id/1028825 vdb-entryx_refsource_SECTRACK
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:37.952Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130722 Cisco Unified Operations Manager HTTP Header Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3439"
          },
          {
            "name": "61416",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/61416"
          },
          {
            "name": "95585",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/95585"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30174"
          },
          {
            "name": "1028825",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1028825"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-07-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-17T21:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130722 Cisco Unified Operations Manager HTTP Header Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3439"
        },
        {
          "name": "61416",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/61416"
        },
        {
          "name": "95585",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/95585"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30174"
        },
        {
          "name": "1028825",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1028825"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-3439",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130722 Cisco Unified Operations Manager HTTP Header Injection Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3439"
            },
            {
              "name": "61416",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/61416"
            },
            {
              "name": "95585",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/95585"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30174",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30174"
            },
            {
              "name": "1028825",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1028825"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-3439",
    "datePublished": "2013-07-23T17:00:00",
    "dateReserved": "2013-05-06T00:00:00",
    "dateUpdated": "2024-08-06T16:07:37.952Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-3440 (GCVE-0-2013-3440)

Vulnerability from nvd – Published: 2013-07-23 17:00 – Updated: 2024-08-06 16:07
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
http://tools.cisco.com/security/center/viewAlert.… x_refsource_CONFIRM
http://www.securityfocus.com/bid/61414 vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1028819 vdb-entryx_refsource_SECTRACK
http://osvdb.org/95584 vdb-entryx_refsource_OSVDB
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:37.923Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130722 Cisco Unified Operations Manager Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3440"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30175"
          },
          {
            "name": "61414",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/61414"
          },
          {
            "name": "1028819",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1028819"
          },
          {
            "name": "95584",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/95584"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-07-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-17T21:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130722 Cisco Unified Operations Manager Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3440"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30175"
        },
        {
          "name": "61414",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/61414"
        },
        {
          "name": "1028819",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1028819"
        },
        {
          "name": "95584",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/95584"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-3440",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130722 Cisco Unified Operations Manager Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3440"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30175",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30175"
            },
            {
              "name": "61414",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/61414"
            },
            {
              "name": "1028819",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1028819"
            },
            {
              "name": "95584",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/95584"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-3440",
    "datePublished": "2013-07-23T17:00:00",
    "dateReserved": "2013-05-06T00:00:00",
    "dateUpdated": "2024-08-06T16:07:37.923Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-3437 (GCVE-0-2013-3437)

Vulnerability from nvd – Published: 2013-07-22 14:00 – Updated: 2024-08-06 16:07
VLAI?
Summary
SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://osvdb.org/95472 vdb-entryx_refsource_OSVDB
http://tools.cisco.com/security/center/viewAlert.… x_refsource_CONFIRM
http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:37.908Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "95472",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/95472"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30153"
          },
          {
            "name": "20130719 Cisco Unified Operations Manager SQL Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3437"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-07-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-01-22T14:57:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "95472",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/95472"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30153"
        },
        {
          "name": "20130719 Cisco Unified Operations Manager SQL Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3437"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-3437",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "95472",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/95472"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30153",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30153"
            },
            {
              "name": "20130719 Cisco Unified Operations Manager SQL Injection Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3437"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-3437",
    "datePublished": "2013-07-22T14:00:00",
    "dateReserved": "2013-05-06T00:00:00",
    "dateUpdated": "2024-08-06T16:07:37.908Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-3416 (GCVE-0-2013-3416)

Vulnerability from nvd – Published: 2013-07-10 21:00 – Updated: 2024-08-06 16:07
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuh47574 and CSCuh95997.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securitytracker.com/id/1028765 vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1028766 vdb-entryx_refsource_SECTRACK
http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:37.929Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1028765",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1028765"
          },
          {
            "name": "1028766",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1028766"
          },
          {
            "name": "20130709 Cisco Unified Communications Management Products Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3416"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-07-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuh47574 and CSCuh95997."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-08-20T09:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1028765",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1028765"
        },
        {
          "name": "1028766",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1028766"
        },
        {
          "name": "20130709 Cisco Unified Communications Management Products Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3416"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-3416",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuh47574 and CSCuh95997."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1028765",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1028765"
            },
            {
              "name": "1028766",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1028766"
            },
            {
              "name": "20130709 Cisco Unified Communications Management Products Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3416"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-3416",
    "datePublished": "2013-07-10T21:00:00",
    "dateReserved": "2013-05-06T00:00:00",
    "dateUpdated": "2024-08-06T16:07:37.929Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-2738 (GCVE-0-2011-2738)

Vulnerability from nvd – Published: 2011-09-17 10:00 – Updated: 2024-08-06 23:08
VLAI?
Summary
Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/46052 third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1026048 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/46053 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/45979 third-party-advisoryx_refsource_SECUNIA
http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
http://www.osvdb.org/75442 vdb-entryx_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://secunia.com/advisories/46016 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/49627 vdb-entryx_refsource_BID
http://www.securityfocus.com/bid/49644 vdb-entryx_refsource_BID
http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
http://www.securitytracker.com/id?1026059 vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id?1026047 vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id?1026046 vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/archive/1/519646/100… mailing-listx_refsource_BUGTRAQ
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:08:23.911Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "46052",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46052"
          },
          {
            "name": "1026048",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026048"
          },
          {
            "name": "46053",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46053"
          },
          {
            "name": "45979",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45979"
          },
          {
            "name": "20110914 CiscoWorks LAN Management Solution Remote Code Execution Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml"
          },
          {
            "name": "75442",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/75442"
          },
          {
            "name": "cisco-unspecified-code-execution(69828)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69828"
          },
          {
            "name": "46016",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46016"
          },
          {
            "name": "49627",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/49627"
          },
          {
            "name": "49644",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/49644"
          },
          {
            "name": "20110914 Cisco Unified Service Monitor and Cisco Unified Operations Manager Remote Code Execution Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml"
          },
          {
            "name": "1026059",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026059"
          },
          {
            "name": "1026047",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026047"
          },
          {
            "name": "1026046",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026046"
          },
          {
            "name": "20110914 ESA-2011-029: Buffer overflow vulnerability in multiple EMC Ionix products",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/519646/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-09-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "46052",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46052"
        },
        {
          "name": "1026048",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026048"
        },
        {
          "name": "46053",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46053"
        },
        {
          "name": "45979",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45979"
        },
        {
          "name": "20110914 CiscoWorks LAN Management Solution Remote Code Execution Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml"
        },
        {
          "name": "75442",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/75442"
        },
        {
          "name": "cisco-unspecified-code-execution(69828)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69828"
        },
        {
          "name": "46016",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46016"
        },
        {
          "name": "49627",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/49627"
        },
        {
          "name": "49644",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/49644"
        },
        {
          "name": "20110914 Cisco Unified Service Monitor and Cisco Unified Operations Manager Remote Code Execution Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml"
        },
        {
          "name": "1026059",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026059"
        },
        {
          "name": "1026047",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026047"
        },
        {
          "name": "1026046",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026046"
        },
        {
          "name": "20110914 ESA-2011-029: Buffer overflow vulnerability in multiple EMC Ionix products",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/519646/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2011-2738",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "46052",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46052"
            },
            {
              "name": "1026048",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026048"
            },
            {
              "name": "46053",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46053"
            },
            {
              "name": "45979",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45979"
            },
            {
              "name": "20110914 CiscoWorks LAN Management Solution Remote Code Execution Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml"
            },
            {
              "name": "75442",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/75442"
            },
            {
              "name": "cisco-unspecified-code-execution(69828)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69828"
            },
            {
              "name": "46016",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46016"
            },
            {
              "name": "49627",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/49627"
            },
            {
              "name": "49644",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/49644"
            },
            {
              "name": "20110914 Cisco Unified Service Monitor and Cisco Unified Operations Manager Remote Code Execution Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml"
            },
            {
              "name": "1026059",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026059"
            },
            {
              "name": "1026047",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026047"
            },
            {
              "name": "1026046",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026046"
            },
            {
              "name": "20110914 ESA-2011-029: Buffer overflow vulnerability in multiple EMC Ionix products",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/519646/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2011-2738",
    "datePublished": "2011-09-17T10:00:00",
    "dateReserved": "2011-07-13T00:00:00",
    "dateUpdated": "2024-08-06T23:08:23.911Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-0959 (GCVE-0-2011-0959)

Vulnerability from nvd – Published: 2011-05-20 22:00 – Updated: 2024-08-06 22:14
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:14:26.542Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
          },
          {
            "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
          },
          {
            "name": "17304",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/17304"
          },
          {
            "name": "cisco-uom-multiple-xss(67521)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67521"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
        },
        {
          "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
        },
        {
          "name": "17304",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/17304"
        },
        {
          "name": "cisco-uom-multiple-xss(67521)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67521"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2011-0959",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085"
            },
            {
              "name": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf",
              "refsource": "MISC",
              "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
            },
            {
              "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
            },
            {
              "name": "17304",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/17304"
            },
            {
              "name": "cisco-uom-multiple-xss(67521)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67521"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2011-0959",
    "datePublished": "2011-05-20T22:00:00",
    "dateReserved": "2011-02-10T00:00:00",
    "dateUpdated": "2024-08-06T22:14:26.542Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-0960 (GCVE-0-2011-0960)

Vulnerability from nvd – Published: 2011-05-20 22:00 – Updated: 2024-08-06 22:14
VLAI?
Summary
Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:14:26.483Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "47898",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47898"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23086"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
          },
          {
            "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
          },
          {
            "name": "17304",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/17304"
          },
          {
            "name": "cuom-prtestcreation-sql-injection(67522)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67522"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "47898",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47898"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23086"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
        },
        {
          "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
        },
        {
          "name": "17304",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/17304"
        },
        {
          "name": "cuom-prtestcreation-sql-injection(67522)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67522"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2011-0960",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "47898",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47898"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23086",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23086"
            },
            {
              "name": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf",
              "refsource": "MISC",
              "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
            },
            {
              "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
            },
            {
              "name": "17304",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/17304"
            },
            {
              "name": "cuom-prtestcreation-sql-injection(67522)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67522"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2011-0960",
    "datePublished": "2011-05-20T22:00:00",
    "dateReserved": "2011-02-10T00:00:00",
    "dateUpdated": "2024-08-06T22:14:26.483Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-0962 (GCVE-0-2011-0962)

Vulnerability from nvd – Published: 2011-05-20 22:00 – Updated: 2024-08-06 22:14
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:14:26.588Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23087"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
          },
          {
            "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
          },
          {
            "name": "17304",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/17304"
          },
          {
            "name": "cisco-uom-common-services-xss(67524)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67524"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23087"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
        },
        {
          "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
        },
        {
          "name": "17304",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/17304"
        },
        {
          "name": "cisco-uom-common-services-xss(67524)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67524"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2011-0962",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23087",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23087"
            },
            {
              "name": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf",
              "refsource": "MISC",
              "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
            },
            {
              "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
            },
            {
              "name": "17304",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/17304"
            },
            {
              "name": "cisco-uom-common-services-xss(67524)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67524"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2011-0962",
    "datePublished": "2011-05-20T22:00:00",
    "dateReserved": "2011-02-10T00:00:00",
    "dateUpdated": "2024-08-06T22:14:26.588Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-3036 (GCVE-0-2010-3036)

Vulnerability from nvd – Published: 2010-10-29 18:00 – Updated: 2024-08-07 02:55
VLAI?
Summary
Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://osvdb.org/68927 vdb-entryx_refsource_OSVDB
http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
http://securitytracker.com/id?1024646 vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/44468 vdb-entryx_refsource_BID
http://secunia.com/advisories/42011 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/2793 vdb-entryx_refsource_VUPEN
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:55:46.619Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "68927",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/68927"
          },
          {
            "name": "20101027 CiscoWorks Common Services Arbitrary Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml"
          },
          {
            "name": "1024646",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1024646"
          },
          {
            "name": "44468",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/44468"
          },
          {
            "name": "42011",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42011"
          },
          {
            "name": "ADV-2010-2793",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2793"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-11-06T09:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "68927",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/68927"
        },
        {
          "name": "20101027 CiscoWorks Common Services Arbitrary Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml"
        },
        {
          "name": "1024646",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1024646"
        },
        {
          "name": "44468",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/44468"
        },
        {
          "name": "42011",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42011"
        },
        {
          "name": "ADV-2010-2793",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2793"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2010-3036",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "68927",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/68927"
            },
            {
              "name": "20101027 CiscoWorks Common Services Arbitrary Code Execution Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml"
            },
            {
              "name": "1024646",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1024646"
            },
            {
              "name": "44468",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/44468"
            },
            {
              "name": "42011",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42011"
            },
            {
              "name": "ADV-2010-2793",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2793"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2010-3036",
    "datePublished": "2010-10-29T18:00:00",
    "dateReserved": "2010-08-17T00:00:00",
    "dateUpdated": "2024-08-07T02:55:46.619Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}