Lucene search

K
nvd[email protected]NVD:CVE-2014-3339
HistoryAug 12, 2014 - 11:55 p.m.

CVE-2014-3339

2014-08-1223:55:03
CWE-89
web.nvd.nist.gov
7

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

8.1

Confidence

Low

EPSS

0.003

Percentile

69.8%

Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290.

Affected configurations

Nvd
Node
ciscounified_communications_domain_managerMatch-
OR
ciscounified_presence_server
VendorProductVersionCPE
ciscounified_communications_domain_manager-cpe:2.3:a:cisco:unified_communications_domain_manager:-:*:*:*:*:*:*:*
ciscounified_presence_server*cpe:2.3:a:cisco:unified_presence_server:*:*:*:*:*:*:*:*

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

8.1

Confidence

Low

EPSS

0.003

Percentile

69.8%

Related for NVD:CVE-2014-3339