MEDIUM · 6.5

CVE-2014-3339

Vulnerability Description

Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290.

CVSS Score

6.5

MEDIUM

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Affected Products

Vendor | Product | Versions
Cisco | Unified Communications Domain Manager | -
Cisco | Unified Presence Server | All versions

Related Weaknesses (CWE)

References

FAQ

What is CVE-2014-3339?

CVE-2014-3339 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to exe...

How severe is CVE-2014-3339?

CVE-2014-3339 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-3339?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Communications Domain Manager, Cisco Unified Presence Server.