Sign-up

ID

VAR-201510-0013


CVE

CVE-2015-6331


TITLE

Cisco Prime Collaboration Assurance of Web In the framework SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-005193

DESCRIPTION

SQL injection vulnerability in the web framework in Cisco Prime Collaboration Assurance 10.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCus39887. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue being tracked by Cisco Bug ID CSCus39887. This solution supports simplified unified communication and video collaboration network management through a unified management console, and rapid deployment of communication sites. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands

Trust: 1.98

sources: NVD: CVE-2015-6331 // JVNDB: JVNDB-2015-005193 // BID: 77052 // VULHUB: VHN-84292

AFFECTED PRODUCTS

vendor:ciscomodel:prime collaboration assurancescope:eqversion:10.5.1

Trust: 1.6

vendor:ciscomodel:prime collaboration assurancescope:eqversion:10.5(1)

Trust: 1.1

sources: BID: 77052 // JVNDB: JVNDB-2015-005193 // CNNVD: CNNVD-201510-150 // NVD: CVE-2015-6331

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6331
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6331
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201510-150
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84292
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6331
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84292
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84292 // JVNDB: JVNDB-2015-005193 // CNNVD: CNNVD-201510-150 // NVD: CVE-2015-6331

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-84292 // JVNDB: JVNDB-2015-005193 // NVD: CVE-2015-6331

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-150

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201510-150

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-005193

PATCH
title:cisco-sa-20151008-pca2url:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pca2
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-005193

EXTERNAL IDS
db:NVDid:CVE-2015-6331
Trust: 2.8
db:SECTRACKid:1033782
Trust: 1.1
db:JVNDBid:JVNDB-2015-005193
Trust: 0.8
db:CNNVDid:CNNVD-201510-150
Trust: 0.7
db:BIDid:77052
Trust: 0.4
db:VULHUBid:VHN-84292
Trust: 0.1
sources:
            
            
            VULHUB: VHN-84292 // 
            
            
            
            BID: 77052 // 
            
            
            
            JVNDB: JVNDB-2015-005193 // 
            
            
            
            CNNVD: CNNVD-201510-150 // 
            
            
            
            NVD: CVE-2015-6331

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151008-pca2
Trust: 2.0
url:http://www.securitytracker.com/id/1033782
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6331
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6331
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-84292 // 
            
            
            
            BID: 77052 // 
            
            
            
            JVNDB: JVNDB-2015-005193 // 
            
            
            
            CNNVD: CNNVD-201510-150 // 
            
            
            
            NVD: CVE-2015-6331

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 77052

SOURCES
db:VULHUBid:VHN-84292
db:BIDid:77052
db:JVNDBid:JVNDB-2015-005193
db:CNNVDid:CNNVD-201510-150
db:NVDid:CVE-2015-6331

LAST UPDATE DATE
2024-11-23T22:13:22.876000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-84292date:2016-12-09T00:00:00
db:BIDid:77052date:2015-10-08T00:00:00
db:JVNDBid:JVNDB-2015-005193date:2015-10-14T00:00:00
db:CNNVDid:CNNVD-201510-150date:2015-10-13T00:00:00
db:NVDid:CVE-2015-6331date:2024-11-21T02:34:48.220

SOURCES RELEASE DATE
db:VULHUBid:VHN-84292date:2015-10-12T00:00:00
db:BIDid:77052date:2015-10-08T00:00:00
db:JVNDBid:JVNDB-2015-005193date:2015-10-14T00:00:00
db:CNNVDid:CNNVD-201510-150date:2015-10-13T00:00:00
db:NVDid:CVE-2015-6331date:2015-10-12T10:59:12.337