CVE-2019-12710SQL Injection in Cisco Unified Communications Manager

CWE-89SQL Injection4 documents4 sources
Severity
4.9MEDIUMNVD
EPSS
0.2%
top 56.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Unified Communications ManagerCisco Unified Communications Manager
Timeline
PublishedOct 2
Latest updateMay 24

Description

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an authenticated, remote attacker to impact the confidentiality of an affected system by executing arbitrary SQL queries. The vulnerability exists because the affected software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted requests that contain malicious S

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco/cisco_unified_communications_managerunspecifiedn/a

🔴Vulnerability Details

2
GHSA
GHSA-jqrp-5gxv-5jhg: A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition2022-05-24
CVEList
Cisco Unified Communications Manager SQL Injection Vulnerability2019-10-02

📋Vendor Advisories

1
Cisco
Cisco Unified Communications Manager SQL Injection Vulnerability2019-10-02
CVE-2019-12710 — SQL Injection in Cisco | cvebase