CVE-2012-0337 — SQL Injection in Cisco Unified Meetingplace

CWE-89 — SQL Injection CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 52.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Meetingplace

Timeline

PublishedMay 2

Latest updateMay 4

Description

SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtx08939.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

▶NVDcisco/unified_meetingplace7.1

🔴Vulnerability Details

GHSA

GHSA-j2pp-2c3q-43g3: SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7↗2022-05-04

▶

CVEList

CVE-2012-0337: SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7↗2012-05-02

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco Unified MeetingPlace Web Conferencing↗2012-10-31

▶

Cisco

Cisco Unified MeetingPlace Web Conferencing SQL Injection Vulnerability↗2012-10-31

▶

Cisco

Cisco Unified MeetingPlace SQL Injection Vulnerability↗2012-05-10

▶

💬Community

Bugzilla

Mozilla: Enable mitigation for CVE-2011-3389 (BEAST issue) in firefox/thunderbird↗2012-07-10

▶