Lucene search
CiscoCVELIST:CVE-2017-12302HistoryNov 16, 2017 - 7:00 a.m.
CVE-2017-12302
2017-11-1607:00:00
CWE-89
cisco
www.cve.org
A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The vulnerability is due to a lack of input validation on user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected system. An exploit could allow the attacker to determine the presence of certain values in the database. Cisco Bug IDs: CSCvf36682.
CNA Affected
[
{
"product": "Cisco Unified Communications Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco Unified Communications Manager"
}
]
}
]Related
cve
cve
CVE-2017-12302
2017-11-16 07:29:00
prion
prion
Sql injection
2017-11-16 07:29:00
cisco
cisco
Cisco Unified Communications Manager SQL Injection Vulnerability
2017-11-15 16:00:00
nessus
nessus
Cisco Unified Communications Manager SQL Injection Vulnerability
2017-11-22 00:00:00
nvd
nvd
CVE-2017-12302
2017-11-16 07:29:00