Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-0960

CWE-89: SQL Injection | 5 documents | 5 sources
Severity: 7.5 HIGH
EPSS: 0.3% (top 46.89%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published May 20 | Latest update May 17

Description

Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA
GHSA-gp85-9v5p-3cfv: Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8 | 2022-05-17
CVEList
CVE-2011-0960: Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8 | 2011-05-20

💥 Exploits & PoCs (1)

Exploit-DB
Cisco Unified Operations Manager - Multiple Vulnerabilities | 2011-05-18

🔍 Detection Rules (1)

Suricata
ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager Blind SQL Injection Attempt | 2011-05-18