SQL Injection Vulnerabilities in Cisco Unified Communications Manager and Presence Server
CVE-2014-3339

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Communications Domain Manager; Unified Presence Server
Vendor: CVE Published:; 12 August 2014

What is CVE-2014-3339?

Multiple SQL injection vulnerabilities exist within the administrative web interface of Cisco Unified Communications Manager and Cisco Unified Presence Server. These vulnerabilities allow remote authenticated users to execute arbitrary SQL commands through carefully crafted inputs sent to specific pages of the affected applications. This unauthorized access can compromise the integrity of the database and expose sensitive data, posing significant risks to organizations relying on these communication solutions.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/69200

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/95250

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2014
Vulnerability Reserved
May 7, 2014