Sign-up

ID

VAR-201504-0265


CVE

CVE-2015-0684


TITLE

Cisco Unified Communications Domain Manager of Image Management In the component SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-002078

DESCRIPTION

SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515. Exploiting this issue could allow an authenticated attacker to compromise the affected application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is tracked by Cisco Bug ID CSCuq52515. This component features scalable, distributed, and highly available enterprise Voice over IP call processing. The vulnerability is caused by the program not adequately filtering the input submitted by the user. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands

Trust: 1.98

sources: NVD: CVE-2015-0684 // JVNDB: JVNDB-2015-002078 // BID: 73444 // VULHUB: VHN-78630

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications domain managerscope:eqversion:8.1\(.4\)

Trust: 1.6

vendor:ciscomodel:unified communications domain managerscope:eqversion:8.1(4)

Trust: 0.8

vendor:ciscomodel:unified communications domain managerscope:eqversion:8.1.4

Trust: 0.3

sources: BID: 73444 // JVNDB: JVNDB-2015-002078 // CNNVD: CNNVD-201504-047 // NVD: CVE-2015-0684

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0684
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0684
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201504-047
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78630
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0684
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78630
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78630 // JVNDB: JVNDB-2015-002078 // CNNVD: CNNVD-201504-047 // NVD: CVE-2015-0684

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-78630 // JVNDB: JVNDB-2015-002078 // NVD: CVE-2015-0684

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-047

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201504-047

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-002078

PATCH
title:38114url:http://tools.cisco.com/security/center/viewAlert.x?alertId=38114
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-002078

EXTERNAL IDS
db:NVDid:CVE-2015-0684
Trust: 2.8
db:SECTRACKid:1032001
Trust: 1.1
db:JVNDBid:JVNDB-2015-002078
Trust: 0.8
db:CNNVDid:CNNVD-201504-047
Trust: 0.7
db:BIDid:73444
Trust: 0.4
db:VULHUBid:VHN-78630
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78630 // 
            
            
            
            BID: 73444 // 
            
            
            
            JVNDB: JVNDB-2015-002078 // 
            
            
            
            CNNVD: CNNVD-201504-047 // 
            
            
            
            NVD: CVE-2015-0684

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=38114
Trust: 2.0
url:http://www.securitytracker.com/id/1032001
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0684\
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0684
Trust: 0.8
url:http://www.cisco.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-78630 // 
            
            
            
            BID: 73444 // 
            
            
            
            JVNDB: JVNDB-2015-002078 // 
            
            
            
            CNNVD: CNNVD-201504-047 // 
            
            
            
            NVD: CVE-2015-0684

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 73444

SOURCES
db:VULHUBid:VHN-78630
db:BIDid:73444
db:JVNDBid:JVNDB-2015-002078
db:CNNVDid:CNNVD-201504-047
db:NVDid:CVE-2015-0684

LAST UPDATE DATE
2025-04-12T23:14:24.291000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78630date:2015-09-29T00:00:00
db:BIDid:73444date:2015-03-31T00:00:00
db:JVNDBid:JVNDB-2015-002078date:2015-04-07T00:00:00
db:CNNVDid:CNNVD-201504-047date:2015-04-07T00:00:00
db:NVDid:CVE-2015-0684date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-78630date:2015-04-03T00:00:00
db:BIDid:73444date:2015-03-31T00:00:00
db:JVNDBid:JVNDB-2015-002078date:2015-04-07T00:00:00
db:CNNVDid:CNNVD-201504-047date:2015-04-07T00:00:00
db:NVDid:CVE-2015-0684date:2015-04-03T10:59:07.960