Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2014-0734
Last Modified 16 Sep 2015 02:57:45
Published 20 Feb 2014 12:18:04
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-0734

Summary

SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483.

Vulnerable Systems

Application

  • Cisco Unified Communications Manager 10.0

  • Cisco Unified Communications Manager 10.0(1)

  • Cisco Unified Communications Manager 3.3(5)

  • Cisco Unified Communications Manager 3.3(5)sr1

  • Cisco Unified Communications Manager 3.3(5)sr2a

  • Cisco Unified Communications Manager 4.1(3)

  • Cisco Unified Communications Manager 4.1(3)sr1

  • Cisco Unified Communications Manager 4.1(3)sr2

  • Cisco Unified Communications Manager 4.1(3)sr3

  • Cisco Unified Communications Manager 4.1(3)sr4

  • Cisco Unified Communications Manager 4.2

  • Cisco Unified Communications Manager 4.2.1

  • Cisco Unified Communications Manager 4.2.2

  • Cisco Unified Communications Manager 4.2.3

  • Cisco Unified Communications Manager 4.2.3sr1

  • Cisco Unified Communications Manager 4.2.3sr2

  • Cisco Unified Communications Manager 4.2.3sr2b

  • Cisco Unified Communications Manager 4.3


References

CONFIRM - http://tools.cisco.com/security/center/viewAlert.x?alertId=32916

CISCO - 20140218 Cisco Unified Communications Manager CAPF Unauthenticated Blind SQL Injection Vulnerability

BID - 65645


Last Updated: 27 May 2016 10:56:44