CVE-2019-12710

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (affected versions not specified)

Description The issue is related to improper validation of user-supplied input in SQL queries, allowing an authenticated, remote attacker to execute arbitrary SQL queries. This could impact the confidentiality of the affected system. An attacker could exploit this by sending crafted requests with malicious SQL statements to the affected application, potentially determining the presence of certain values in the database.

Recommendations For Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition, consider restricting access to the web-based interface until a fix is available. As a temporary workaround, avoid using user-supplied input in SQL queries to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.