Cisco Unified Communications Manager: SQL injection of IPMA
Synthesis of the vulnerability
An attacker can use a SQL injection in IPMA of Cisco Unified Communications Manager, in order to read or alter data.Impacted products: Cisco CUCM
32843, BID-65514, CSCum05326, CVE-2014-0726, VIGILANCE-VUL-14250.
Description of the vulnerability
The Cisco Unified Communications Manager product uses a database.
However, user's data are directly inserted in a SQL query.
An attacker can therefore use a SQL injection in IPMA (IP Manager Assistant) of Cisco Unified Communications Manager, in order to read or alter data.Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides a system vulnerability database
. The technology watch team tracks security threats targeting the computer system. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.