vulnerability alert CVE-2014-0727
Cisco Unified Communications Manager: SQL injection of CMIVR
Synthesis of the vulnerability
An attacker can use a SQL injection in CMIVR of Cisco Unified Communications Manager, in order to read or alter data.Impacted products: Cisco CUCM
BID-65516, CSCum05318, CVE-2014-0727, VIGILANCE-VUL-14251.
Description of the vulnerability
The Cisco Unified Communications Manager product uses a database.
However, user's data are directly inserted in a SQL query.
An attacker can therefore use a SQL injection in CMIVR (CallManager Interactive Voice Response) of Cisco Unified Communications Manager, in order to read or alter data.Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides a network vulnerability bulletin
. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The technology watch team tracks security threats targeting the computer system.