SQL Injection Vulnerability in Cisco Unified Presence Server
CVE-2013-6983

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Presence Server
Vendor: CVE Published:; 31 December 2013

Summary

A SQL injection vulnerability exists in the web interface of Cisco Unified Presence Server, which enables remote authenticated users to execute arbitrary SQL commands by crafting a malicious URL. This flaw could potentially allow attackers to manipulate the database and gain unauthorized access to sensitive information, thereby compromising the security of the entire system.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://secunia.com/advisories/56273

third-party-advisoryx_refsource_SECUNIA

http://www.securitytracker.com/id/1029547

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Dec 31, 2013
Vulnerability Reserved
Dec 5, 2013