CVE-2014-3336SQL Injection in Cisco Unity Connection

CWE-89SQL Injection4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.5%
top 32.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unity Connection
Timeline
PublishedAug 11
Latest updateMay 17

Description

SQL injection vulnerability in the web framework in Cisco Unity Connection 9.1(2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted request, aka Bug ID CSCuq31016.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

NVDcisco/unity_connection9.1\(1\), 9.1\(2\)+1

🔴Vulnerability Details

2
GHSA
GHSA-5v8q-fp2x-r5m6: SQL injection vulnerability in the web framework in Cisco Unity Connection 92022-05-17
CVEList
CVE-2014-3336: SQL injection vulnerability in the web framework in Cisco Unity Connection 92014-08-11

📋Vendor Advisories

1
Cisco
Cisco Unity Connection SQL Injection Vulnerability2014-08-11
CVE-2014-3336 — SQL Injection in Cisco Unity Connection | cvebase