Vulnerability Description
SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Unified Communications Manager | <= 10.0(1) |
Related Weaknesses (CWE)
References
- http://osvdb.org/103221
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0728 (Vendor Advisory)
- http://tools.cisco.com/security/center/viewAlert.x?alertId=32834 (Vendor Advisory)
- http://www.securityfocus.com/bid/65499
FAQ
What is CVE-2014-0728?
CVE-2014-0728 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL...
How severe is CVE-2014-0728?
CVE-2014-0728 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-0728?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Communications Manager.