CVEブラウザに戻る

CVE-2011-1653

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0540%

EPSS Percentile4.12th

Published2011年4月18日

Last Modified2026年4月29日

Vulnerability Description

Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5) DeleteReportLayout, (6) DeleteReports, and (7) RegenerateReport stored procedures.

Affected Platforms (CPE)

📦

Broadcom

Total Defense

= r12

References & Advisories

🔗 http://secunia.com/advisories/44097

🔗 http://securityreason.com/securityalert/8403

🔗 http://securitytracker.com/id?1025353

🔗 http://www.securityfocus.com/archive/1/517489/100/0/threaded

🔗 http://www.securityfocus.com/archive/1/517490/100/0/threaded

🔗 http://www.securityfocus.com/archive/1/517491/100/0/threaded

🔗 http://www.securityfocus.com/archive/1/517493/100/0/threaded

🔗 http://www.securityfocus.com/archive/1/517494/100/0/threaded

関連する脆弱性情報

CVE-2011-266710.0

Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not...

CVE-2021-238748.2

Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated p...

CVE-2019-133577.8

In Total Defense Anti-virus 9.0.0.773, resource acquisition from the untrusted search path C:\ used by caschelp.exe allows local a...

CVE-2019-133567.8

In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\bd\TDUp...