Details of VAR-201402-0206

ID

VAR-201402-0206

CVE

CVE-2014-0728

TITLE

Cisco Unified Communications Manager of Java In the database interface SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-001402

DESCRIPTION

SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313. Exploiting this issue could allow an authenticated attacker to compromise the affected application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is tracked by Cisco Bug ID CSCum05313. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 1.98

sources: NVD: CVE-2014-0728 // JVNDB: JVNDB-2014-001402 // BID: 65499 // VULHUB: VHN-68221

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.0	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	lte	version:	10.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lte	version:	10.0(1)	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.0\(1\)	Trust: 0.6

sources: JVNDB: JVNDB-2014-001402 // CNNVD: CNNVD-201402-155 // NVD: CVE-2014-0728

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0728
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0728
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201402-155
value:	HIGH
Trust: 0.6
VULHUB:	VHN-68221
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-0728
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68221
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68221 // JVNDB: JVNDB-2014-001402 // CNNVD: CNNVD-201402-155 // NVD: CVE-2014-0728

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.9

sources: VULHUB: VHN-68221 // JVNDB: JVNDB-2014-001402 // NVD: CVE-2014-0728

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-155

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201402-155

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001402

PATCH

title:	Cisco Unified Communications Manager Java Interface SQL Injection Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0728	Trust: 0.8
title:	32834	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=32834	Trust: 0.8

sources: JVNDB: JVNDB-2014-001402

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0728	Trust: 2.8
db:	BID	id:	65499	Trust: 1.4
db:	OSVDB	id:	103221	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-001402	Trust: 0.8
db:	CNNVD	id:	CNNVD-201402-155	Trust: 0.7
db:	CISCO	id:	20140211 CISCO UNIFIED COMMUNICATIONS MANAGER JAVA INTERFACE SQL INJECTION VULNERABILITY	Trust: 0.6
db:	SECUNIA	id:	56914	Trust: 0.6
db:	VULHUB	id:	VHN-68221	Trust: 0.1

sources: VULHUB: VHN-68221 // BID: 65499 // JVNDB: JVNDB-2014-001402 // CNNVD: CNNVD-201402-155 // NVD: CVE-2014-0728

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0728	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=32834	Trust: 1.7
url:	http://www.securityfocus.com/bid/65499	Trust: 1.1
url:	http://osvdb.org/103221	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0728	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0728	Trust: 0.8
url:	http://secunia.com/advisories/56914	Trust: 0.6
url:	http://www.cisco.com	Trust: 0.3

sources: VULHUB: VHN-68221 // BID: 65499 // JVNDB: JVNDB-2014-001402 // CNNVD: CNNVD-201402-155 // NVD: CVE-2014-0728

CREDITS

Cisco

Trust: 0.3

sources: BID: 65499

SOURCES

db:	VULHUB	id:	VHN-68221
db:	BID	id:	65499
db:	JVNDB	id:	JVNDB-2014-001402
db:	CNNVD	id:	CNNVD-201402-155
db:	NVD	id:	CVE-2014-0728

LAST UPDATE DATE

2024-11-23T22:42:38.428000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68221	date:	2015-08-05T00:00:00
db:	BID	id:	65499	date:	2014-02-11T00:00:00
db:	JVNDB	id:	JVNDB-2014-001402	date:	2014-02-14T00:00:00
db:	CNNVD	id:	CNNVD-201402-155	date:	2014-02-17T00:00:00
db:	NVD	id:	CVE-2014-0728	date:	2024-11-21T02:02:42.027

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68221	date:	2014-02-13T00:00:00
db:	BID	id:	65499	date:	2014-02-11T00:00:00
db:	JVNDB	id:	JVNDB-2014-001402	date:	2014-02-14T00:00:00
db:	CNNVD	id:	CNNVD-201402-155	date:	2014-02-17T00:00:00
db:	NVD	id:	CVE-2014-0728	date:	2014-02-13T05:24:51.637