Vulnerability Description
SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Unified Communications Manager | <= 10.0\(1\) |
Related Weaknesses (CWE)
References
- http://osvdb.org/103218
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0726Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=32843Vendor Advisory
- http://www.securityfocus.com/bid/65514
- http://osvdb.org/103218
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0726Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=32843Vendor Advisory
- http://www.securityfocus.com/bid/65514
FAQ
What is CVE-2014-0726?
CVE-2014-0726 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via...
How severe is CVE-2014-0726?
CVE-2014-0726 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0726?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Communications Manager.