CA Total Defense Unified Network Control Server多个SQL注入漏洞

漏洞信息详情

CA Total Defense Unified Network Control Server多个SQL注入漏洞

• CNNVD编号：CNNVD-201104-165
• 危害等级： 超危
  
  
• CVE编号：
  CVE-2011-1653
  
• 漏洞类型：
  
  
  SQL注入
  
• 发布时间：
  
  2011-04-19
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2021-04-13
  
• 厂        商：
  
  ca
• 漏洞来源：

Computer Associates Total Defense是集成了反病毒、反间谍、网关安全、主机入侵防护系统等网络安全服务为一体的多层防护系统。

CA Total Defense（TD）SE2之前的r12版本中的Unified Network Control（UNC）Server中存在多个SQL注入漏洞。远程攻击者可以借助有关向量执行任意SQL命令。该向量与（1）UnAssignFunctionalRoles，（2）UnassignAdminRoles，（3）DeleteFilter，（4）NonAssignedUserList，（5）DeleteReportLayout，（6）DeleteReports和（7）RegenerateReport的存储过程有关。

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接：

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={6C750E92-D109-4F7D-BA41-8D468B2E31B1}

来源:BID

链接:https://www.securityfocus.com/bid/47355

来源:MISC

链接:http://www.zerodayinitiative.com/advisories/ZDI-11-130/

来源:BUGTRAQ

链接:http://www.securityfocus.com/archive/1/517497/100/0/threaded

来源:MISC

链接:http://www.zerodayinitiative.com/advisories/ZDI-11-131/

来源:MISC

链接:http://www.zerodayinitiative.com/advisories/ZDI-11-132/

来源:SREASON

链接:http://securityreason.com/securityalert/8403

来源:BUGTRAQ

链接:http://www.securityfocus.com/archive/1/517489/100/0/threaded

来源:BUGTRAQ

链接:http://www.securityfocus.com/archive/1/517491/100/0/threaded

来源:BUGTRAQ

链接:http://www.securityfocus.com/archive/1/517493/100/0/threaded

来源:CONFIRM

链接:https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}

来源:BUGTRAQ

链接:http://www.securityfocus.com/archive/1/517498/100/0/threaded

来源:VUPEN

链接:http://www.vupen.com/english/advisories/2011/0977

来源:SECTRACK

链接:http://securitytracker.com/id?1025353

来源:XF

链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/66725

来源:MISC

链接:http://www.zerodayinitiative.com/advisories/ZDI-11-128/

来源:BUGTRAQ

链接:http://www.securityfocus.com/archive/1/517496/100/0/threaded

来源:MISC

链接:http://www.zerodayinitiative.com/advisories/ZDI-11-129/

来源:SECUNIA

链接:http://secunia.com/advisories/44097

来源:MISC

链接:http://www.zerodayinitiative.com/advisories/ZDI-11-133/

来源:BUGTRAQ

链接:http://www.securityfocus.com/archive/1/517494/100/0/threaded

来源:MISC

链接:http://www.zerodayinitiative.com/advisories/ZDI-11-134/

来源:BUGTRAQ

链接:http://www.securityfocus.com/archive/1/517490/100/0/threaded