Full Disclosure mailing list archives
Re: Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006
From: Cisco Systems Product Security Incident Response Team <psirt () cisco com>
Date: Wed, 18 May 2011 11:02:12 -0400
Hello,

This is the Cisco PSIRT response to the vulnerabilities that were discovered and reported to Cisco Systems by Brett Gervasoni of Sense of Security, regarding multiple vulnerabilities in Cisco Unified Operations Manager (CuOM).

We greatly appreciate the opportunity to work with researchers on security vulnerabilities and welcome the opportunity to review and assist in product reports.

These vulnerabilities are documented in the following Cisco bug IDs and Intellishield vulnerability alerts:

* CSCtn61716: XSS and SQL Blind Vulnerabilities in Cisco Unified Operations Manager
  Intellishield vulnerability alerts:
  SQL Blind Injection: http://tools.cisco.com/security/center/viewAlert.x?alertId=23085
  CuOM XSS Vulnerabilities: http://tools.cisco.com/security/center/viewAlert.x?alertId=23086

* CSCto12704: Reflected Cross Site Scripting into ServerHelpEngine servlet
  Intellishield vulnerability alert: http://tools.cisco.com/security/center/viewAlert.x?alertId=23088

* CSCto12712: XSS vulnerability in CuOM Device Center
  Intellishield vulnerability alert: http://tools.cisco.com/security/center/viewAlert.x?alertId=23087

* CSCto35577: Directory Traversal vulnerabilities in CWHP
  Intellishield vulnerability alert: http://tools.cisco.com/security/center/viewAlert.x?alertId=23089

Information related to affected software versions and fixed software is available in the published Intellishield vulnerability alerts and the Cisco Bug ID release note enclosures.

Cisco PSIRT