SQL Injection in Cisco Unity_connection

CVE-2015-0715

SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCut33447 a…

Vulnerability class: SQL Injection

EPSS: 0.003 (52.4th percentile) — read the EPSS interpretation.

Affected products

Cisco Unity_connection — versions 11.0\(0.98000.225\)
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

20150505 Cisco Unified Communications Manager SQL Injection Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
1032260 (vdb-entry, x_refsource_SECTRACK)