PT-2014-5231 · Cisco · Cisco Unified Presence Server+1

Publicado

2014-08-12

Atualizado

2017-08-29

CVE-2014-3339

CVSS v2.0

6.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) (affected versions not specified)

Description The issue concerns multiple SQL injection vulnerabilities in the administrative web interface. These vulnerabilities allow remote authenticated users to execute arbitrary SQL commands by providing crafted input to unspecified pages.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2014-3339

Produtos afetados

Cisco Unified Communications Manager

Cisco Unified Presence Server

PT-2014-5231 · Cisco · Cisco Unified Presence Server+1

CVE-2014-3339

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4