SQL Injection in Cisco Unified_operations_manager

CVE-2013-3437

SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179.

Vulnerability class: SQL Injection

EPSS: 0.006 (68.6th percentile) — read the EPSS interpretation.

Affected products

Cisco Unified_operations_manager
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

95472 (x_refsource_OSVDB, vdb-entry)
psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)
20130719 Cisco Unified Operations Manager SQL Injection Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)