CyberSec.Space Logo
Back to CVE Browser

CVE-2011-1653

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0540%
EPSS Percentile4.12th
PublishedApr 18, 2011
Last ModifiedApr 29, 2026

Vulnerability Description

Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5) DeleteReportLayout, (6) DeleteReports, and (7) RegenerateReport stored procedures.

Affected Platforms (CPE)

πŸ“¦
Broadcom

Total Defense

= r12

References & Advisories

πŸ”— http://secunia.com/advisories/44097
πŸ”— http://securityreason.com/securityalert/8403
πŸ”— http://securitytracker.com/id?1025353
πŸ”— http://www.securityfocus.com/archive/1/517489/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/517490/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/517491/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/517493/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/517494/100/0/threaded

Related Vulnerabilities

CVE-2011-266710.0

Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not...

CVE-2021-238748.2

Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated p...

CVE-2019-133577.8

In Total Defense Anti-virus 9.0.0.773, resource acquisition from the untrusted search path C:\ used by caschelp.exe allows local a...

CVE-2019-133567.8

In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\bd\TDUp...