CVE-2007-4634
Summary
| CVE | CVE-2007-4634 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-08-31 23:17:00 UTC |
| Updated | 2017-07-29 01:33:00 UTC |
| Description | Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, aka CSCsi64265. |
Risk And Classification
Problem Types: CWE-89
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cisco | Call Manager | 3.3(5)sr1 | All | All | All |
| Hardware | Cisco | Call Manager | 3.3(5)sr2 | All | All | All |
| Hardware | Cisco | Call Manager | 3.3(5)sr2a | All | All | All |
| Hardware | Cisco | Call Manager | 4.1 | All | All | All |
| Hardware | Cisco | Call Manager | 4.1(3)sr1 | All | All | All |
| Hardware | Cisco | Call Manager | 4.1(3)sr2 | All | All | All |
| Hardware | Cisco | Call Manager | 4.1(3)sr3 | All | All | All |
| Hardware | Cisco | Call Manager | 4.1(3)sr4 | All | All | All |
| Hardware | Cisco | Call Manager | 4.2 | All | All | All |
| Hardware | Cisco | Call Manager | 4.2(1) | All | All | All |
| Hardware | Cisco | Call Manager | 4.2(2) | All | All | All |
| Hardware | Cisco | Call Manager | 4.2(3) | All | All | All |
| Hardware | Cisco | Call Manager | 4.2(3)sr1 | All | All | All |
| Hardware | Cisco | Call Manager | 4.2(3)sr2 | All | All | All |
| Hardware | Cisco | Call Manager | 4.3 | All | All | All |
| Hardware | Cisco | Call Manager | 4.3(1) | All | All | All |
| Application | Cisco | Unified Communications Manager | 3.3(5) | All | All | All |
| Application | Cisco | Unified Communications Manager | 3.3(5)sr1 | All | All | All |
| Application | Cisco | Unified Communications Manager | 3.3(5)sr2a | All | All | All |
| Application | Cisco | Unified Communications Manager | 4.1(3) | All | All | All |
| Application | Cisco | Unified Communications Manager | 4.1(3)sr1 | All | All | All |
| Application | Cisco | Unified Communications Manager | 4.1(3)sr2 | All | All | All |
| Application | Cisco | Unified Communications Manager | 4.1(3)sr3 | All | All | All |
| Application | Cisco | Unified Communications Manager | 4.1(3)sr4 | All | All | All |
| Application | Cisco | Unified Communications Manager | 4.2 | All | All | All |
| Application | Cisco | Unified Communications Manager | 4.2.1 | All | All | All |
| Application | Cisco | Unified Communications Manager | 4.2.2 | All | All | All |
| Application | Cisco | Unified Communications Manager | 4.2.3 | All | All | All |
| Application | Cisco | Unified Communications Manager | 4.2.3sr1 | All | All | All |
| Application | Cisco | Unified Communications Manager | 4.3 | All | All | All |
| Application | Cisco | Unified Communications Manager | 4.3(1) | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Webmail: Professional email solution - OVHcloud - OVH | VUPEN | www.vupen.com | |
| Cisco CallManager/Unified Communications Manager Input Validation Holes Permit Cross-Site Scripting and SQL Injection Attacks - SecurityTracker | SECTRACK | securitytracker.com | |
| Cisco CallManager/Communications Manager SQL Injection and Cross-Site Scripting Vulnerabilities | BID | www.securityfocus.com | Exploit |
| Cisco CallManager / CUCM Cross-Site Scripting and SQL Injection - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| Cisco Security Advisory: XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logon Page - Cisco Systems | CISCO | www.cisco.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.