| Vulnerability Name: | CVE-2015-0684 (CCN-101998) | ||||||||
| Assigned: | 2015-03-31 | ||||||||
| Published: | 2015-03-31 | ||||||||
| Updated: | 2015-09-29 | ||||||||
| Summary: | SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515. | ||||||||
| CVSS v3 Severity: | 4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P) 5.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:C)
4.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-89 | ||||||||
| Vulnerability Consequences: | Data Manipulation | ||||||||
| References: | Source: MITRE Type: CNA CVE-2015-0684 Source: CCN Type: Cisco Vulnerability Alert 38114 Cisco Unified Communications Domain Manager Application Software SQL Injection Vulnerability Source: CISCO Type: Vendor Advisory 20150331 Cisco Unified Communications Domain Manager Application Software SQL Injection Vulnerability Source: SECTRACK Type: UNKNOWN 1032001 Source: XF Type: UNKNOWN cisco-ucdm-cve20150684-sql-injection(101998) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||