CVE-2014-3336
Cisco Unity Connection 9.1(2) and earlier contains a SQL injection in the web framework. The root cause is insufficient validation of SQL statements in the web server code, allowing an authenticated remote attacker to execute arbitrary SQL and potentially read data from the database. Cisco’s advi...