First published: Fri Aug 31 2007(Updated: )
Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, aka CSCsi64265.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Call Manager | =4.2\(2\) | |
Cisco Unified Communications Manager | =3.3\(5\) | |
Cisco Call Manager | =3.3\(5\)sr2 | |
Cisco Call Manager | =4.3\(1\) | |
Cisco Unified Communications Manager | =4.1\(3\)sr1 | |
Cisco Call Manager | =4.1\(3\)sr1 | |
Cisco Call Manager | =4.1 | |
Cisco Call Manager | =3.3\(5\)sr2a | |
Cisco Unified Communications Manager | =4.2.3sr1 | |
Cisco Unified Communications Manager | =4.1\(3\)sr2 | |
Cisco Call Manager | =4.1\(3\)sr2 | |
Cisco Unified Communications Manager | =4.1\(3\) | |
Cisco Unified Communications Manager | =4.2 | |
Cisco Unified Communications Manager | =4.3 | |
Cisco Unified Communications Manager | =4.2.3 | |
Cisco Unified Communications Manager | =4.1\(3\)sr4 | |
Cisco Call Manager | =4.2 | |
Cisco Unified Communications Manager | =4.2.1 | |
Cisco Call Manager | =4.2\(1\) | |
Cisco Call Manager | =4.3 | |
Cisco Call Manager | =4.1\(3\)sr3 | |
Cisco Unified Communications Manager | =3.3\(5\)sr2a | |
Cisco Call Manager | =4.2\(3\)sr1 | |
Cisco Unified Communications Manager | =4.2.2 | |
Cisco Unified Communications Manager | =4.3\(1\) | |
Cisco Unified Communications Manager | =4.1\(3\)sr3 | |
Cisco Call Manager | =4.2\(3\) | |
Cisco Unified Communications Manager | =3.3\(5\)sr1 | |
Cisco Call Manager | =4.2\(3\)sr2 | |
Cisco Call Manager | =4.1\(3\)sr4 | |
Cisco Call Manager | =3.3\(5\)sr1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.