SQL Injection in Cisco Unified_communications_domain_manager

CVE-2015-0684

SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515.

Vulnerability class: SQL Injection

EPSS: 0.003 (54.6th percentile) — read the EPSS interpretation.

Affected products

Cisco Unified_communications_domain_manager — versions 8.1\(.4\)
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

1032001 (vdb-entry, x_refsource_SECTRACK)
20150331 Cisco Unified Communications Domain Manager Application Software SQL Injection Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)