| Vulnerability Name: | CVE-2015-0715 (CCN-102931) | ||||||||
| Assigned: | 2015-05-05 | ||||||||
| Published: | 2015-05-05 | ||||||||
| Updated: | 2015-09-10 | ||||||||
| Summary: | SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCut33447 and CSCut33608. | ||||||||
| CVSS v3 Severity: | 3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P) 5.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:C)
3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-89 | ||||||||
| Vulnerability Consequences: | Data Manipulation | ||||||||
| References: | Source: MITRE Type: CNA CVE-2015-0715 Source: CCN Type: Cisco Vulnerability Alert 38674 Cisco Unified Communications Manager SQL Injection Vulnerability Source: CISCO Type: Vendor Advisory 20150505 Cisco Unified Communications Manager SQL Injection Vulnerability Source: SECTRACK Type: UNKNOWN 1032260 Source: XF Type: UNKNOWN cisco-unified-cve20150715-sql-injection(102931) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||