ID

VAR-201205-0224


CVE

CVE-2012-0337


TITLE

SQL injection vulnerability in the web component of Cisco Unified MeetingPlace

Trust: 0.8

sources: JVNDB: JVNDB-2012-002203

DESCRIPTION

SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtx08939. Exploiting these vulnerabilities could allow an attacker to execute arbitrary script code, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Cisco Unified MeetingPlace versions prior to 7.1.2.6 (MR1) are affected. Cisco Unified MeetingPlace is a solution that provides a user environment integrating voice, video and Web conferencing.

Trust: 1.98

sources: NVD: CVE-2012-0337 // JVNDB: JVNDB-2012-002203 // BID: 53431 // VULHUB: VHN-53618

AFFECTED PRODUCTS

vendor: cisco, model: unified meetingplace, scope: eq, version: 7.1

Trust: 1.9

vendor: cisco, model: unified meetingplace, scope: eq, version: web conferencing 8.0mr1 patch 1

Trust: 0.8

vendor: cisco, model: unified meetingplace, scope: eq, version: web conferencing 8.5mr3

Trust: 0.8

vendor: cisco, model: unified meetingplace, scope: eq, version: web conferencing 7.0

Trust: 0.8

vendor: cisco, model: unified meetingplace, scope: lt, version: 7.1

Trust: 0.8

vendor: cisco, model: unified meetingplace, scope: lt, version: 8.0

Trust: 0.8

vendor: cisco, model: unified meetingplace, scope: lt, version: 8.5

Trust: 0.8

vendor: cisco, model: unified meetingplace, scope: eq, version: web conferencing 7.1mr1

Trust: 0.8

vendor: cisco, model: unified meetingplace web conferencing, scope: eq, version: 7.0

Trust: 0.3

vendor: cisco, model: unified meetingplace web conferencing, scope: eq, version: 6.0

Trust: 0.3

vendor: cisco, model: unified meetingplace, scope: eq, version: 6.0.639.3

Trust: 0.3

vendor: cisco, model: unified meetingplace, scope: eq, version: 6.0.639.2

Trust: 0.3

vendor: cisco, model: unified meetingplace hotfix 5f, scope: eq, version: 7.0(2.3)

Trust: 0.3

vendor: cisco, model: unified meetingplace, scope: eq, version: 7

Trust: 0.3

vendor: cisco, model: unified meetingplace, scope: eq, version: 6

Trust: 0.3

vendor: cisco, model: unified meetingplace, scope: ne, version: 7.1.26

Trust: 0.3

sources: BID: 53431 // JVNDB: JVNDB-2012-002203 // CNNVD: CNNVD-201205-049 // NVD: CVE-2012-0337

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-0337
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-0337
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201205-049
value: MEDIUM

Trust: 0.6

VULHUB: VHN-53618
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-0337
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-53618
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-53618 // JVNDB: JVNDB-2012-002203 // CNNVD: CNNVD-201205-049 // NVD: CVE-2012-0337

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-53618 // JVNDB: JVNDB-2012-002203 // NVD: CVE-2012-0337

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201205-049

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201205-049

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-002203

PATCH

title: cisco-sa-20121031-mp, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-mp

Trust: 0.8

title: Release Notes for Cisco Unified MeetingPlace Release 8.5, url: http://www.cisco.com/en/US/docs/voice_ip_comm/meetingplace/8_5/english/releasenotes/mp85rn.html

Trust: 0.8

title: Release Notes for Cisco Unified MeetingPlace Release 7.1, url: http://www.cisco.com/en/US/docs/voice_ip_comm/meetingplace/7_1/english/release_notes/mp71rn.html

Trust: 0.8

title: cisco-sa-20121031-mp, url: http://www.cisco.com/cisco/web/support/JP/111/1116/1116755_cisco-sa-20121031-mp-j.html

Trust: 0.8

sources: JVNDB: JVNDB-2012-002203

EXTERNAL IDS

db: NVD, id: CVE-2012-0337

Trust: 2.8

db: JVNDB, id: JVNDB-2012-002203

Trust: 0.8

db: CNNVD, id: CNNVD-201205-049

Trust: 0.7

db: NSFOCUS, id: 19587

Trust: 0.6

db: BID, id: 53431

Trust: 0.4

db: VULHUB, id: VHN-53618

Trust: 0.1

sources: VULHUB: VHN-53618 // BID: 53431 // JVNDB: JVNDB-2012-002203 // CNNVD: CNNVD-201205-049 // NVD: CVE-2012-0337

REFERENCES

url:http://www.cisco.com/en/us/docs/voice_ip_comm/meetingplace/7_1/english/release_notes/mp71rn.html

Trust: 2.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0337

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0337

Trust: 0.8

url:http://www.nsfocus.net/vulndb/19587

Trust: 0.6

url:http://www.cisco.com/en/us/products/sw/ps5664/ps5669/index.html

Trust: 0.3

sources: VULHUB: VHN-53618 // BID: 53431 // JVNDB: JVNDB-2012-002203 // CNNVD: CNNVD-201205-049 // NVD: CVE-2012-0337

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 53431

SOURCES

db: VULHUB, id: VHN-53618
db: BID, id: 53431
db: JVNDB, id: JVNDB-2012-002203
db: CNNVD, id: CNNVD-201205-049
db: NVD, id: CVE-2012-0337

LAST UPDATE DATE

2024-11-23T22:08:50.092000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-53618, date: 2012-05-11T00:00:00
db: BID, id: 53431, date: 2012-11-01T16:30:00
db: JVNDB, id: JVNDB-2012-002203, date: 2012-12-14T00:00:00
db: CNNVD, id: CNNVD-201205-049, date: 2012-05-03T00:00:00
db: NVD, id: CVE-2012-0337, date: 2024-11-21T01:34:49.373

SOURCES RELEASE DATE

db: VULHUB, id: VHN-53618, date: 2012-05-02T00:00:00
db: BID, id: 53431, date: 2012-04-18T00:00:00
db: JVNDB, id: JVNDB-2012-002203, date: 2012-05-08T00:00:00
db: CNNVD, id: CNNVD-201205-049, date: 2012-05-03T00:00:00
db: NVD, id: CVE-2012-0337, date: 2012-05-02T10:09:21.927