SQL Injection Vulnerability in Cisco Unified Operations Manager
CVE-2013-3437

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Operations Manager
Vendor: CVE Published:; 23 July 2013

Summary

An SQL injection vulnerability exists in the management application of Cisco Unified Operations Manager, allowing remote authenticated users to execute arbitrary SQL commands through a manipulative entry field. This flaw can lead to unauthorized access and potential compromise of the database integrity, making it essential for users of the affected product to apply security measures promptly.

References

http://osvdb.org/95472

vdb-entryx_refsource_OSVDB

http://tools.cisco.com/security/center/viewAlert.x?alertI...

x_refsource_CONFIRM

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Jul 23, 2013
Vulnerability Reserved
May 6, 2013