CVE-2014-0734

2014-02-2005:18:04

CWE-89

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.2

Confidence

Low

EPSS

0.002

Percentile

56.2%

JSON

SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483.

Affected configurations

Nvd

Node

ciscounified_communications_managerRange≤10.0\(1\)

ciscounified_communications_managerMatch3.3\(5\)

ciscounified_communications_managerMatch3.3\(5\)sr1

ciscounified_communications_managerMatch3.3\(5\)sr2a

ciscounified_communications_managerMatch4.1\(3\)

ciscounified_communications_managerMatch4.1\(3\)sr1

ciscounified_communications_managerMatch4.1\(3\)sr2

ciscounified_communications_managerMatch4.1\(3\)sr3

ciscounified_communications_managerMatch4.1\(3\)sr4

ciscounified_communications_managerMatch4.2

ciscounified_communications_managerMatch4.2.1

ciscounified_communications_managerMatch4.2.2

ciscounified_communications_managerMatch4.2.3

ciscounified_communications_managerMatch4.2.3sr1

ciscounified_communications_managerMatch4.2.3sr2

ciscounified_communications_managerMatch4.2.3sr2b

ciscounified_communications_managerMatch4.3

ciscounified_communications_managerMatch10.0

VendorProductVersionCPE
ciscounified_communications_manager*cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
ciscounified_communications_manager3.3(5)cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\):*:*:*:*:*:*:*
ciscounified_communications_manager3.3(5)sr1cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr1:*:*:*:*:*:*:*
ciscounified_communications_manager3.3(5)sr2acpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr2a:*:*:*:*:*:*:*
ciscounified_communications_manager4.1(3)cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\):*:*:*:*:*:*:*
ciscounified_communications_manager4.1(3)sr1cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr1:*:*:*:*:*:*:*
ciscounified_communications_manager4.1(3)sr2cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr2:*:*:*:*:*:*:*
ciscounified_communications_manager4.1(3)sr3cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr3:*:*:*:*:*:*:*
ciscounified_communications_manager4.1(3)sr4cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr4:*:*:*:*:*:*:*
ciscounified_communications_manager4.2cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_communications_manager	*	cpe:2.3:a:cisco:unified_communications_manager::::::::
cisco	unified_communications_manager	3.3(5)	cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\):::::::*
cisco	unified_communications_manager	3.3(5)sr1	cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr1:::::::*
cisco	unified_communications_manager	3.3(5)sr2a	cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr2a:::::::*
cisco	unified_communications_manager	4.1(3)	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\):::::::*
cisco	unified_communications_manager	4.1(3)sr1	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr1:::::::*
cisco	unified_communications_manager	4.1(3)sr2	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr2:::::::*
cisco	unified_communications_manager	4.1(3)sr3	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr3:::::::*
cisco	unified_communications_manager	4.1(3)sr4	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr4:::::::*
cisco	unified_communications_manager	4.2	cpe:2.3:a:cisco:unified_communications_manager:4.2:::::::*