CVE-2011-1653: SQL Injection
First published: Fri Apr 15 2011(Updated: )
Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5) DeleteReportLayout, (6) DeleteReports, and (7) RegenerateReport stored procedures.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Broadcom Total Defense | =r12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://securitytracker.com/id?1025353
- http://www.zerodayinitiative.com/advisories/ZDI-11-128/
- http://www.zerodayinitiative.com/advisories/ZDI-11-129/
- http://www.zerodayinitiative.com/advisories/ZDI-11-134/
- http://secunia.com/advisories/44097
- http://www.securityfocus.com/bid/47355
- http://www.vupen.com/english/advisories/2011/0977
- http://www.zerodayinitiative.com/advisories/ZDI-11-132/
- http://www.zerodayinitiative.com/advisories/ZDI-11-131/
- http://www.zerodayinitiative.com/advisories/ZDI-11-130/
- http://www.zerodayinitiative.com/advisories/ZDI-11-133/
- http://securityreason.com/securityalert/8403
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66725
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}
- http://www.securityfocus.com/archive/1/517498/100/0/threaded
- http://www.securityfocus.com/archive/1/517497/100/0/threaded
- http://www.securityfocus.com/archive/1/517496/100/0/threaded
- http://www.securityfocus.com/archive/1/517494/100/0/threaded
- http://www.securityfocus.com/archive/1/517493/100/0/threaded
- http://www.securityfocus.com/archive/1/517491/100/0/threaded
- http://www.securityfocus.com/archive/1/517490/100/0/threaded
- http://www.securityfocus.com/archive/1/517489/100/0/threaded
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BCD065CEC-AFE2-4D9D-8E0B-BE7F6E345866%7D
Frequently Asked Questions
What is the severity of CVE-2011-1653?
CVE-2011-1653 is classified as a high severity vulnerability due to its potential for remote code execution through SQL injection.
How do I fix CVE-2011-1653?
To fix CVE-2011-1653, update to the latest version of CA Total Defense r12 that includes the security patches addressing these SQL injection vulnerabilities.
What are the affected components in CVE-2011-1653?
The affected components in CVE-2011-1653 include the Unified Network Control (UNC) Server functionalities such as UnAssignFunctionalRoles and DeleteFilter.
Can CVE-2011-1653 be exploited remotely?
Yes, CVE-2011-1653 can be exploited remotely by attackers to execute arbitrary SQL commands on the affected server.
Which versions of CA Total Defense are affected by CVE-2011-1653?
CVE-2011-1653 affects CA Total Defense version r12 before SE2.
- collector/nvd-historical
- collector/nvd-index
- collector/nvd-api
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- vendor/broadcom
- canonical/broadcom total defense
- version/broadcom total defense/r12