SQL Injection in Cisco Unified_communications_domain_manager

CVE-2014-3339

Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted…

Vulnerability class: SQL Injection

EPSS: 0.003 (55.7th percentile) — read the EPSS interpretation.

Affected products

Cisco Unified_communications_domain_manager
Cisco Unified_presence_server
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

20140812 Cisco Unified Communications Manager and Cisco Unified Presence Server SQL Injection Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
69200 (vdb-entry, x_refsource_BID)
cucm-cups-cve20143339-sql-injection(95250) (vdb-entry, x_refsource_XF)