FYI...Cisco Unified MeetingPlace - multiple vulns
Release Date: 2010-01-28
Critical: Moderately critical
Impact: Security Bypass, Manipulation of data, Exposure of sensitive information, Privilege escalation
Where: From remote
Solution Status: Vendor Patch
Software: Cisco Unified MeetingPlace 5.x, Cisco Unified MeetingPlace 6.x, Cisco Unified MeetingPlace 7.x
Solution: Update to the latest version.http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=278785523
CVE Reference: CVE-2010-0139, CVE-2010-0140, CVE-2010-0141, CVE-2010-0142
Date: Jan 27 2010
January 28, 2010
Multiple Vulnerabilities in Cisco Unified MeetingPlace
Severity: Elevated Severity
Published: Friday, January 29, 2010 19:03
"Multiple issues have been found and fixed in Cisco Unified MeetingPlace versions 5, 6, and 7. These bugs could allow for SQL injection, privilege escalation, account enumeration, and unauthorized new account creation.
Cisco has made updated software available to their customers to address these issues.Analysis: Sites using Cisco Unified MeetingPlace should review this update and apply the updates soon.