CVE-2014-0726

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager (UCM) versions 10.0(1) and earlier

Description A SQL injection issue in the IP Manager Assistant (IPMA) interface allows remote attackers to execute arbitrary SQL commands via a crafted URL.

Recommendations For versions 10.0(1) and earlier, update to a version later than 10.0(1) to resolve the issue. As a temporary workaround, consider restricting access to the IPMA interface to minimize the risk of exploitation.