Sign-up

ID

VAR-201506-0248


CVE

CVE-2015-4188


TITLE

Cisco Prime Collaboration of Manager In the interface SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-003188

DESCRIPTION

SQL injection vulnerability in the Manager interface in Cisco Prime Collaboration 10.5(1) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug IDs CSCuu29910, CSCuu29928, and CSCuu59104. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue being tracked by Cisco Bug IDs CSCuu29910, CSCuu29928, and CSCuu59104. This solution supports simplified unified communication and video collaboration network management through a unified management console, and rapid deployment of communication sites

Trust: 1.98

sources: NVD: CVE-2015-4188 // JVNDB: JVNDB-2015-003188 // BID: 75268 // VULHUB: VHN-82149

AFFECTED PRODUCTS

vendor:ciscomodel:prime collaborationscope:eqversion:10.5\(1\)

Trust: 1.6

vendor:ciscomodel:prime collaborationscope:eqversion:10.5(1)

Trust: 0.8

sources: JVNDB: JVNDB-2015-003188 // CNNVD: CNNVD-201506-316 // NVD: CVE-2015-4188

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4188
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4188
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201506-316
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82149
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4188
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82149
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82149 // JVNDB: JVNDB-2015-003188 // CNNVD: CNNVD-201506-316 // NVD: CVE-2015-4188

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-82149 // JVNDB: JVNDB-2015-003188 // NVD: CVE-2015-4188

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-316

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201506-316

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003188

PATCH
title:39365url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39365
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-003188

EXTERNAL IDS
db:NVDid:CVE-2015-4188
Trust: 2.8
db:BIDid:75268
Trust: 1.4
db:SECTRACKid:1032592
Trust: 1.1
db:JVNDBid:JVNDB-2015-003188
Trust: 0.8
db:CNNVDid:CNNVD-201506-316
Trust: 0.7
db:VULHUBid:VHN-82149
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82149 // 
            
            
            
            BID: 75268 // 
            
            
            
            JVNDB: JVNDB-2015-003188 // 
            
            
            
            CNNVD: CNNVD-201506-316 // 
            
            
            
            NVD: CVE-2015-4188

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39365
Trust: 2.0
url:http://www.securityfocus.com/bid/75268
Trust: 1.1
url:http://www.securitytracker.com/id/1032592
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4188
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4188
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/ps12363/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-82149 // 
            
            
            
            BID: 75268 // 
            
            
            
            JVNDB: JVNDB-2015-003188 // 
            
            
            
            CNNVD: CNNVD-201506-316 // 
            
            
            
            NVD: CVE-2015-4188

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 75268

SOURCES
db:VULHUBid:VHN-82149
db:BIDid:75268
db:JVNDBid:JVNDB-2015-003188
db:CNNVDid:CNNVD-201506-316
db:NVDid:CVE-2015-4188

LAST UPDATE DATE
2025-04-13T23:18:09.119000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82149date:2016-12-07T00:00:00
db:BIDid:75268date:2015-11-03T19:05:00
db:JVNDBid:JVNDB-2015-003188date:2015-06-19T00:00:00
db:CNNVDid:CNNVD-201506-316date:2015-06-18T00:00:00
db:NVDid:CVE-2015-4188date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-82149date:2015-06-17T00:00:00
db:BIDid:75268date:2015-06-16T00:00:00
db:JVNDBid:JVNDB-2015-003188date:2015-06-19T00:00:00
db:CNNVDid:CNNVD-201506-316date:2015-06-18T00:00:00
db:NVDid:CVE-2015-4188date:2015-06-17T10:59:05.727