Cisco Unified Operations Manager 8.6 SQL Injection Vulnerability

Medium (Nessus Plugin ID 102978)

Synopsis

The monitoring application hosted on the remote web server has multiple vulnerabilities.

Description

According to its self-reported version number, the Cisco Unified Operations Manager installation on the remote host has multiple vulnerabilities, as described in Cisco bug ID CSCud80179.

Solution

Contact the vendor or apply the workarounds mentioned in the advisory.

See Also

https://tools.cisco.com/security/center/viewAlert.x?alertId=30153

http://www.nessus.org/u?83413812

http://www.nessus.org/u?844a06c8

Plugin Details

Severity: Medium

ID: 102978

File Name: cisco_uom-sa-20130719.nasl

Version: 1.4

Type: remote

Family: CGI abuses

Published: 9/6/2017

Updated: 6/5/2024

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 6.3

Temporal Score: 5.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:unified_operations_manager

Required KB Items: www/cisco_uom

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 7/19/2013

Reference Information

CVE: CVE-2013-3437

CISCO-BUG-ID: CSCud80179