CVE-2015-6433

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager version 11.0(0.98000.225)

Description The issue is related to a lack of protection in the SQL query structure, allowing remote authenticated users to execute arbitrary SQL commands via a crafted URL. This can be exploited by a remote attacker to execute arbitrary SQL commands.

Recommendations For Cisco Unified Communications Manager version 11.0(0.98000.225), consider restricting access to the SQL query structure until a patch is available. As a temporary workaround, avoid using crafted URLs that could exploit the SQL injection vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.