2 matches found
CVE-2014-0729
SQL injection vulnerability in the Enterprise Mobility Application EMApp interface in Cisco Unified Communications Manager UCM allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302...
CVE-2014-0729
Cisco’s advisory confirms a Blind SQL Injection in the Enterprise Mobility Application (EMApp) interface of Cisco Unified Communications Manager (UCM). The root cause is a failure to validate user-supplied input used to build SQL queries, enabling an unauthenticated, remote attacker to exfiltrate...