SQL Injection Vulnerability in Cisco Unified Communications Domain Manager
CVE-2015-0684

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Communications Domain Manager
Vendor: CVE Published:; 3 April 2015

What is CVE-2015-0684?

An SQL injection vulnerability exists in the Image Management component of Cisco Unified Communications Domain Manager 8.1(4). This flaw allows authenticated remote users to execute arbitrary SQL commands by leveraging unspecified vectors, potentially compromising database integrity and confidentiality.

References

http://www.securitytracker.com/id/1032001

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 3, 2015
Vulnerability Reserved
Jan 7, 2015