Vulnerability CVE-2011-1653


Published: 2011-04-18   Modified: 2012-02-13

Description:
Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5) DeleteReportLayout, (6) DeleteReports, and (7) RegenerateReport stored procedures.

See advisories in our WLB2 database:
Topic
Author
Date
High
CA Total Defense Suite reGenerateReports Stored Procedure SQL Injection
CA
04.10.2011

Type:

CWE-89

(Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
CA -> Total defense 

 References:
http://securityreason.com/securityalert/8403
http://securitytracker.com/id?1025353
http://www.securityfocus.com/archive/1/517489/100/0/threaded
http://www.securityfocus.com/archive/1/517490/100/0/threaded
http://www.securityfocus.com/archive/1/517491/100/0/threaded
http://www.securityfocus.com/archive/1/517493/100/0/threaded
http://www.securityfocus.com/archive/1/517494/100/0/threaded
http://www.securityfocus.com/archive/1/517496/100/0/threaded
http://www.securityfocus.com/archive/1/517497/100/0/threaded
http://www.securityfocus.com/archive/1/517498/100/0/threaded
http://www.securityfocus.com/bid/47355
http://www.vupen.com/english/advisories/2011/0977
http://www.zerodayinitiative.com/advisories/ZDI-11-128/
http://www.zerodayinitiative.com/advisories/ZDI-11-129/
http://www.zerodayinitiative.com/advisories/ZDI-11-130/
http://www.zerodayinitiative.com/advisories/ZDI-11-131/
http://www.zerodayinitiative.com/advisories/ZDI-11-132/
http://www.zerodayinitiative.com/advisories/ZDI-11-133/
http://www.zerodayinitiative.com/advisories/ZDI-11-134/
https://exchange.xforce.ibmcloud.com/vulnerabilities/66725

Copyright 2024, cxsecurity.com

 

Back to Top