Lucene search
CiscoCVE-2014-3287HistoryJun 10, 2014 - 11:19 a.m.
CVE-2014-3287
2014-06-1011:19:35
CWE-89
cisco
web.nvd.nist.gov
25
cve
sql injection
java interface
cisco unified communications manager
unified cm
remote authenticated users
arbitrary sql commands
crafted filename
url
bug id
cscuo17337
nvd
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
8.2
Confidence
Low
EPSS
0.001
Percentile
41.8%
SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL, aka Bug ID CSCuo17337.
Affected configurations
Node
ciscounified_communications_manager
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | unified_communications_manager | * | cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:* |
Related
cisco
cisco
cvelist
cvelist
CVE-2014-3287
2014-06-10 10:00:00
nessus
nessus
prion
prion
Sql injection
2014-06-10 11:19:00
nvd
nvd
CVE-2014-3287
2014-06-10 11:19:35
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
8.2
Confidence
Low
EPSS
0.001
Percentile
41.8%
Related for CVE-2014-3287