What is CVE-2011-1653?

CVE-2011-1653 is a vulnerability in Broadcom Total_defense, classified under SQL Injection. Published 2011-04-18.

Is CVE-2011-1653 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Broadcom Total_defense

CVE-2011-1653

Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2)…

Vulnerability class: SQL Injection

EPSS: 0.773 (99.0th percentile) — read the EPSS interpretation.

Affected products

Broadcom Total_defense — versions r12
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

totaldefense-multiple-sql-injection(66725) (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_MISC)
44097 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
8403 (x_refsource_SREASON, third-party-advisory)
47355 (vdb-entry, x_refsource_BID)
20110413 ZDI-11-128: CA Total Defense Suite UnassignFunctionalUsers Stored Procedure SQL Injection Vulnerability (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (x_refsource_MISC)
20110413 ZDI-11-134: CA Total Defense Suite UNC Management Console RegenerateReport SQL Injection Vulnerability (mailing-list, x_refsource_BUGTRAQ)
20110413 ZDI-11-130: CA Total Defense Suite UNC Management Console DeleteFilter SQL Injection Vulnerability (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (x_refsource_MISC)

Frequently asked questions

What is CVE-2011-1653?: CVE-2011-1653 is a vulnerability in Broadcom Total_defense, classified under SQL Injection. Published 2011-04-18.
Is CVE-2011-1653 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.