ID

VAR-201307-0224


CVE

CVE-2013-3437


TITLE

SQL injection vulnerability in the management application in Cisco Unified Operations Manager

Trust: 0.8

sources: JVNDB: JVNDB-2013-003494

DESCRIPTION

SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179. Exploiting this issue could allow an authenticated attacker to compromise the affected application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is tracked by Cisco Bug ID CSCud80179. Other versions may also be affected. Cisco Unified Operations Manager provides a real-time service status view of the entire Cisco Unified Communications system, showing the current operational status of each component.

Trust: 1.98

sources: NVD: CVE-2013-3437 // JVNDB: JVNDB-2013-003494 // BID: 61380 // VULHUB: VHN-63439

AFFECTED PRODUCTS

vendor: cisco // model: unified operations manager // scope: eq // version: -

Trust: 1.6

vendor: cisco // model: unified operations manager // scope: eq // version: 8.6

Trust: 1.1

sources: BID: 61380 // JVNDB: JVNDB-2013-003494 // CNNVD: CNNVD-201307-478 // NVD: CVE-2013-3437

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3437
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3437
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201307-478
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63439
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3437
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63439
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63439 // JVNDB: JVNDB-2013-003494 // CNNVD: CNNVD-201307-478 // NVD: CVE-2013-3437

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-63439 // JVNDB: JVNDB-2013-003494 // NVD: CVE-2013-3437

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-478

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201307-478

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003494

PATCH

title: Cisco Unified Operations Manager SQL Injection Vulnerability // url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3437

Trust: 0.8

title: 30153 // url: http://tools.cisco.com/security/center/viewAlert.x?alertId=30153

Trust: 0.8

sources: JVNDB: JVNDB-2013-003494

EXTERNAL IDS

db: NVD // id: CVE-2013-3437

Trust: 2.8

db: OSVDB // id: 95472

Trust: 1.1

db: JVNDB // id: JVNDB-2013-003494

Trust: 0.8

db: CNNVD // id: CNNVD-201307-478

Trust: 0.7

db: CISCO // id: 20130719 CISCO UNIFIED OPERATIONS MANAGER SQL INJECTION VULNERABILITY

Trust: 0.6

db: BID // id: 61380

Trust: 0.4

db: VULHUB // id: VHN-63439

Trust: 0.1

sources: VULHUB: VHN-63439 // BID: 61380 // JVNDB: JVNDB-2013-003494 // CNNVD: CNNVD-201307-478 // NVD: CVE-2013-3437

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3437

Trust: 2.0

url:http://tools.cisco.com/security/center/viewalert.x?alertid=30153

Trust: 1.4

url:http://osvdb.org/95472

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3437

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3437

Trust: 0.8

url:http://www.cisco.com

Trust: 0.3

url:http://www.cisco.com/en/us/products/ps6535/index.html

Trust: 0.3

sources: VULHUB: VHN-63439 // BID: 61380 // JVNDB: JVNDB-2013-003494 // CNNVD: CNNVD-201307-478 // NVD: CVE-2013-3437

CREDITS

Cisco

Trust: 0.3

sources: BID: 61380

SOURCES

db: VULHUB // id: VHN-63439
db: BID // id: 61380
db: JVNDB // id: JVNDB-2013-003494
db: CNNVD // id: CNNVD-201307-478
db: NVD // id: CVE-2013-3437

LAST UPDATE DATE

2024-08-14T14:14:22.254000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-63439 // date: 2016-09-16T00:00:00
db: BID // id: 61380 // date: 2013-07-19T00:00:00
db: JVNDB // id: JVNDB-2013-003494 // date: 2013-07-24T00:00:00
db: CNNVD // id: CNNVD-201307-478 // date: 2013-07-24T00:00:00
db: NVD // id: CVE-2013-3437 // date: 2016-09-16T18:03:13.880

SOURCES RELEASE DATE

db: VULHUB // id: VHN-63439 // date: 2013-07-23T00:00:00
db: BID // id: 61380 // date: 2013-07-19T00:00:00
db: JVNDB // id: JVNDB-2013-003494 // date: 2013-07-24T00:00:00
db: CNNVD // id: CNNVD-201307-478 // date: 2013-07-24T00:00:00
db: NVD // id: CVE-2013-3437 // date: 2013-07-23T11:03:02.037