CVE-2014-3275

CWE-89SQL Injection4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.3%
top 48.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Identity Services Engine Software
Timeline
PublishedMay 26
Latest updateMay 17

Description

SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCul21337.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-5rqq-hhv5-9282: SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 12022-05-17
CVEList
CVE-2014-3275: SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 12014-05-23

📋Vendor Advisories

1
Cisco
Cisco Identity Services Engine Blind SQL Injection Vulnerability2014-05-22
CVE-2014-3275 (MEDIUM CVSS 6.5) | SQL injection vulnerability in the | cvebase.io