Details of VAR-201505-0195

ID

VAR-201505-0195

CVE

CVE-2015-0753

TITLE

Cisco Unified Email Interaction Manager and Cisco Unified Web Interaction Manager In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-002855

DESCRIPTION

SQL injection vulnerability in Cisco Unified Email Interaction Manager (EIM) and Unified Web Interaction Manager (WIM) 9.0(2) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu30028. Vendors have confirmed this vulnerability Bug ID CSCuu30028 It is released as.By any third party SQL The command may be executed. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue being tracked by Cisco Bug ID CSCuu30028. Cisco Unified E-mail Interaction Manager is a product used to manage a large number of customer emails submitted to corporate mailboxes or websites; Unified Web Interaction Manager can help call center business representatives use websites and text chat or real-time Web collaboration to answer customer questions product. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands

Trust: 2.07

sources: NVD: CVE-2015-0753 // JVNDB: JVNDB-2015-002855 // BID: 74849 // VULHUB: VHN-78699 // VULMON: CVE-2015-0753

AFFECTED PRODUCTS

vendor:	cisco	model:	unified web and e-mail interaction manager	scope:	eq	version:	9.0\(2\)	Trust: 1.6
vendor:	cisco	model:	unified web and e-mail interaction manager	scope:	eq	version:	9.0(2)	Trust: 1.1

sources: BID: 74849 // JVNDB: JVNDB-2015-002855 // CNNVD: CNNVD-201505-588 // NVD: CVE-2015-0753

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0753
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0753
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201505-588
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-78699
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2015-0753
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-0753
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-78699
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-78699 // VULMON: CVE-2015-0753 // JVNDB: JVNDB-2015-002855 // CNNVD: CNNVD-201505-588 // NVD: CVE-2015-0753

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-78699 // JVNDB: JVNDB-2015-002855 // NVD: CVE-2015-0753

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-588

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201505-588

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002855

PATCH

title:	39013	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=39013	Trust: 0.8
title:	Cisco: Cisco Unified Email Interaction Manager and Cisco Unified Web Interaction Manager SQL Injection Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20150527-CVE-2015-0753	Trust: 0.1

sources: VULMON: CVE-2015-0753 // JVNDB: JVNDB-2015-002855

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0753	Trust: 2.9
db:	SECTRACK	id:	1032422	Trust: 1.2
db:	JVNDB	id:	JVNDB-2015-002855	Trust: 0.8
db:	CNNVD	id:	CNNVD-201505-588	Trust: 0.7
db:	BID	id:	74849	Trust: 0.4
db:	VULHUB	id:	VHN-78699	Trust: 0.1
db:	VULMON	id:	CVE-2015-0753	Trust: 0.1

sources: VULHUB: VHN-78699 // VULMON: CVE-2015-0753 // BID: 74849 // JVNDB: JVNDB-2015-002855 // CNNVD: CNNVD-201505-588 // NVD: CVE-2015-0753

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39013	Trust: 2.1
url:	http://www.securitytracker.com/id/1032422	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0753	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0753	Trust: 0.8
url:	http://www.cisco.com/c/en/us/products/customer-collaboration/unified-email-interaction-manager/index.html	Trust: 0.3
url:	http://www.cisco.com/c/en/us/products/customer-collaboration/unified-web-interaction-manager/index.html	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150527-cve-2015-0753	Trust: 0.1

sources: VULHUB: VHN-78699 // VULMON: CVE-2015-0753 // BID: 74849 // JVNDB: JVNDB-2015-002855 // CNNVD: CNNVD-201505-588 // NVD: CVE-2015-0753

CREDITS

Cisco

Trust: 0.3

sources: BID: 74849

SOURCES

db:	VULHUB	id:	VHN-78699
db:	VULMON	id:	CVE-2015-0753
db:	BID	id:	74849
db:	JVNDB	id:	JVNDB-2015-002855
db:	CNNVD	id:	CNNVD-201505-588
db:	NVD	id:	CVE-2015-0753

LAST UPDATE DATE

2025-04-12T23:15:45.327000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-78699	date:	2017-01-04T00:00:00
db:	VULMON	id:	CVE-2015-0753	date:	2017-01-04T00:00:00
db:	BID	id:	74849	date:	2015-05-27T00:00:00
db:	JVNDB	id:	JVNDB-2015-002855	date:	2015-06-02T00:00:00
db:	CNNVD	id:	CNNVD-201505-588	date:	2015-06-01T00:00:00
db:	NVD	id:	CVE-2015-0753	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-78699	date:	2015-05-29T00:00:00
db:	VULMON	id:	CVE-2015-0753	date:	2015-05-29T00:00:00
db:	BID	id:	74849	date:	2015-05-27T00:00:00
db:	JVNDB	id:	JVNDB-2015-002855	date:	2015-06-02T00:00:00
db:	CNNVD	id:	CNNVD-201505-588	date:	2015-05-29T00:00:00
db:	NVD	id:	CVE-2015-0753	date:	2015-05-29T15:59:07.373