ID

VAR-201506-0310


CVE

CVE-2015-4222


TITLE

Cisco Unified Communications Manager IM and Presence Service SQL Injection Vulnerability

Trust: 0.9

sources: BID: 75400 // CNNVD: CNNVD-201506-575

DESCRIPTION

SQL injection vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.1(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq46325. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is being tracked by Cisco Bug ID CSCuq46325. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands.

Trust: 1.98

sources: NVD: CVE-2015-4222 // JVNDB: JVNDB-2015-003287 // BID: 75400 // VULHUB: VHN-82183

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager im and presence service, scope: eq, version: 9.1\(1\)

Trust: 1.6

vendor: cisco, model: unified communications manager im and presence service, scope: eq, version: 9.1(1)

Trust: 1.1

sources: BID: 75400 // JVNDB: JVNDB-2015-003287 // CNNVD: CNNVD-201506-575 // NVD: CVE-2015-4222

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4222
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4222
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201506-575
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82183
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4222
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82183
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82183 // JVNDB: JVNDB-2015-003287 // CNNVD: CNNVD-201506-575 // NVD: CVE-2015-4222

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-82183 // JVNDB: JVNDB-2015-003287 // NVD: CVE-2015-4222

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-575

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201506-575

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003287

PATCH

title: 39506, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=39506

Trust: 0.8

sources: JVNDB: JVNDB-2015-003287

EXTERNAL IDS

db: NVD, id: CVE-2015-4222

Trust: 2.8

db: BID, id: 75400

Trust: 1.4

db: SECTRACK, id: 1032716

Trust: 1.1

db: JVNDB, id: JVNDB-2015-003287

Trust: 0.8

db: CNNVD, id: CNNVD-201506-575

Trust: 0.7

db: VULHUB, id: VHN-82183

Trust: 0.1

sources: VULHUB: VHN-82183 // BID: 75400 // JVNDB: JVNDB-2015-003287 // CNNVD: CNNVD-201506-575 // NVD: CVE-2015-4222

REFERENCES

url:http://tools.cisco.com/security/center/viewalert.x?alertid=39506

Trust: 2.0

url:http://www.securityfocus.com/bid/75400

Trust: 1.1

url:http://www.securitytracker.com/id/1032716

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4222

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4222

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:http://www.cisco.com/c/en/us/products/collateral/unified-communications/unified-presence/data_sheet_c78-728056.html

Trust: 0.3

sources: VULHUB: VHN-82183 // BID: 75400 // JVNDB: JVNDB-2015-003287 // CNNVD: CNNVD-201506-575 // NVD: CVE-2015-4222

CREDITS

Cisco

Trust: 0.3

sources: BID: 75400

SOURCES

db: VULHUB, id: VHN-82183
db: BID, id: 75400
db: JVNDB, id: JVNDB-2015-003287
db: CNNVD, id: CNNVD-201506-575
db: NVD, id: CVE-2015-4222

LAST UPDATE DATE

2024-11-23T22:08:02.878000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-82183, date: 2016-12-28T00:00:00
db: BID, id: 75400, date: 2015-06-24T00:00:00
db: JVNDB, id: JVNDB-2015-003287, date: 2015-06-29T00:00:00
db: CNNVD, id: CNNVD-201506-575, date: 2015-06-29T00:00:00
db: NVD, id: CVE-2015-4222, date: 2024-11-21T02:30:39.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-82183, date: 2015-06-26T00:00:00
db: BID, id: 75400, date: 2015-06-24T00:00:00
db: JVNDB, id: JVNDB-2015-003287, date: 2015-06-29T00:00:00
db: CNNVD, id: CNNVD-201506-575, date: 2015-06-29T00:00:00
db: NVD, id: CVE-2015-4222, date: 2015-06-26T10:59:06.297