SQL Injection Vulnerability in Cisco Unified Communications Manager
CVE-2016-1317
4.3MEDIUM
Summary
A vulnerability exists in Cisco Unified Communications Manager, where remote authenticated users can exploit the system to access sensitive database information. By making direct requests to specific URLs, attackers have the potential to obtain critical data such as table names and entity names, leading to unauthorized information disclosure.
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved