CVE-2018-0120

Name of the Vulnerable Software and Affected Versions: Cisco Unified Communications Manager (affected versions not specified)

Description: A vulnerability in the web framework could allow an authenticated, remote attacker to conduct an SQL injection attack. The issue exists due to the software's failure to validate user-supplied input in certain SQL queries, which bypass protection filters. An attacker could exploit this by submitting crafted HTTP requests containing malicious SQL statements. A successful exploit could allow the attacker to determine the presence of certain values in the database.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.