SQL Injection Vulnerability in Cisco Unified Communications Manager IVR Component
CVE-2015-0699

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Communications Domain Manager
Vendor: CVE Published:; 15 April 2015

Summary

A SQL injection vulnerability exists in the Interactive Voice Response (IVR) component of Cisco Unified Communications Manager. This issue allows remote attackers to potentially execute arbitrary SQL commands through various unspecified vectors. This can lead to significant security risks for organizations utilizing this telecommunication solution.

References

http://www.securitytracker.com/id/1032134

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Apr 15, 2015
Vulnerability Reserved
Jan 7, 2015