ID

VAR-201406-0305


CVE

CVE-2014-3287


TITLE

SQL injection vulnerability in the Java interface of Cisco Unified Communications Domain Manager

Trust: 0.8

sources: JVNDB: JVNDB-2014-002804

DESCRIPTION

SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL, aka Bug ID CSCuo17337. An authenticated attacker can leverage this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is tracked by Cisco Bug ID CSCuo17337. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution.

Trust: 1.98

sources: NVD: CVE-2014-3287 // JVNDB: JVNDB-2014-002804 // BID: 68000 // VULHUB: VHN-71227

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: -, version: -

Trust: 1.4

vendor: cisco, model: unified communications manager, scope: eq, version: *

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 10.0

Trust: 0.3

sources: BID: 68000 // JVNDB: JVNDB-2014-002804 // CNNVD: CNNVD-201406-170 // NVD: CVE-2014-3287

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3287
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3287
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201406-170
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71227
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3287
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71227
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71227 // JVNDB: JVNDB-2014-002804 // CNNVD: CNNVD-201406-170 // NVD: CVE-2014-3287

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-71227 // JVNDB: JVNDB-2014-002804 // NVD: CVE-2014-3287

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201406-170

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201406-170

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002804

PATCH

title: Cisco Unified Communications Manager Java Interface SQL Injection Vulnerability
url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3287

Trust: 0.8

sources: JVNDB: JVNDB-2014-002804

EXTERNAL IDS

db: NVD, id: CVE-2014-3287

Trust: 2.8

db: BID, id: 68000

Trust: 1.4

db: SECTRACK, id: 1030411

Trust: 1.1

db: JVNDB, id: JVNDB-2014-002804

Trust: 0.8

db: CNNVD, id: CNNVD-201406-170

Trust: 0.7

db: CISCO, id: 20140609 CISCO UNIFIED COMMUNICATIONS MANAGER JAVA INTERFACE SQL INJECTION VULNERABILITY

Trust: 0.6

db: VULHUB, id: VHN-71227

Trust: 0.1

sources: VULHUB: VHN-71227 // BID: 68000 // JVNDB: JVNDB-2014-002804 // CNNVD: CNNVD-201406-170 // NVD: CVE-2014-3287

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3287

Trust: 1.7

url:http://www.securityfocus.com/bid/68000

Trust: 1.1

url:http://www.securitytracker.com/id/1030411

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3287

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3287

Trust: 0.8

url:http://www.cisco.com

Trust: 0.3

url:http://tools.cisco.com/security/center/viewalert.x?alertid=34572

Trust: 0.3

sources: VULHUB: VHN-71227 // BID: 68000 // JVNDB: JVNDB-2014-002804 // CNNVD: CNNVD-201406-170 // NVD: CVE-2014-3287

CREDITS

Cisco

Trust: 0.3

sources: BID: 68000

SOURCES

db: VULHUB, id: VHN-71227
db: BID, id: 68000
db: JVNDB, id: JVNDB-2014-002804
db: CNNVD, id: CNNVD-201406-170
db: NVD, id: CVE-2014-3287

LAST UPDATE DATE

2024-11-23T22:46:06.075000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-71227, date: 2016-09-07T00:00:00
db: BID, id: 68000, date: 2014-06-11T00:00:00
db: JVNDB, id: JVNDB-2014-002804, date: 2014-06-11T00:00:00
db: CNNVD, id: CNNVD-201406-170, date: 2014-06-11T00:00:00
db: NVD, id: CVE-2014-3287, date: 2024-11-21T02:07:47.843

SOURCES RELEASE DATE

db: VULHUB, id: VHN-71227, date: 2014-06-10T00:00:00
db: BID, id: 68000, date: 2014-06-11T00:00:00
db: JVNDB, id: JVNDB-2014-002804, date: 2014-06-11T00:00:00
db: CNNVD, id: CNNVD-201406-170, date: 2014-06-11T00:00:00
db: NVD, id: CVE-2014-3287, date: 2014-06-10T11:19:35.737