CVE-2015-0715

CWE-89SQL Injection4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.3%
top 47.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unity Connection
Timeline
PublishedMay 7
Latest updateMay 17

Description

SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCut33447 and CSCut33608.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

NVDcisco/unity_connection11.0\(0.98000.225\)

🔴Vulnerability Details

2
GHSA
GHSA-2j3f-mgwg-2gjh: SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 112022-05-17
CVEList
CVE-2015-0715: SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 112015-05-07

📋Vendor Advisories

1
Cisco
Cisco Unified Communications Manager SQL Injection Vulnerability2015-05-05
CVE-2015-0715 (MEDIUM CVSS 6.5) | SQL injection vulnerability in the | cvebase.io