What is the severity of CVE-2014-0734?

The severity of CVE-2014-0734 is classified as high due to its potential to allow remote attackers to execute arbitrary SQL commands.

How do I fix CVE-2014-0734?

To fix CVE-2014-0734, upgrade to the latest version of Cisco Unified Communications Manager that is not affected by this vulnerability.

What versions of Cisco Unified Communications Manager are affected by CVE-2014-0734?

CVE-2014-0734 affects Cisco Unified Communications Manager versions 10.0(1) and earlier, as well as several earlier versions.

Can CVE-2014-0734 be exploited remotely?

Yes, CVE-2014-0734 can be exploited remotely through the Certificate Authority Proxy Function implementation.

Is there a workaround for CVE-2014-0734?

There are no documented workarounds for CVE-2014-0734, and updating to a patched version is recommended.

Vulnerability/
CVE-2014-0734

high

7.5

CWE

20/2/2014

6/8/2024

CVE-2014-0734: SQL Injection

First published: Thu Feb 20 2014(Updated: )

SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Unified Communications Manager Session Management Edition	<=10.0\(1\)
Cisco Unified Communications Manager Session Management Edition	=3.3\(5\)
Cisco Unified Communications Manager Session Management Edition	=3.3\(5\)sr1
Cisco Unified Communications Manager Session Management Edition	=3.3\(5\)sr2a
Cisco Unified Communications Manager Session Management Edition	=4.1\(3\)
Cisco Unified Communications Manager Session Management Edition	=4.1\(3\)sr1
Cisco Unified Communications Manager Session Management Edition	=4.1\(3\)sr2
Cisco Unified Communications Manager Session Management Edition	=4.1\(3\)sr3
Cisco Unified Communications Manager Session Management Edition	=4.1\(3\)sr4
Cisco Unified Communications Manager Session Management Edition	=4.2
Cisco Unified Communications Manager Session Management Edition	=4.2.1
Cisco Unified Communications Manager Session Management Edition	=4.2.2
Cisco Unified Communications Manager Session Management Edition	=4.2.3
Cisco Unified Communications Manager Session Management Edition	=4.2.3sr1
Cisco Unified Communications Manager Session Management Edition	=4.2.3sr2
Cisco Unified Communications Manager Session Management Edition	=4.2.3sr2b
Cisco Unified Communications Manager Session Management Edition	=4.3
Cisco Unified Communications Manager Session Management Edition	=10.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-0734?
The severity of CVE-2014-0734 is classified as high due to its potential to allow remote attackers to execute arbitrary SQL commands.
How do I fix CVE-2014-0734?
To fix CVE-2014-0734, upgrade to the latest version of Cisco Unified Communications Manager that is not affected by this vulnerability.
What versions of Cisco Unified Communications Manager are affected by CVE-2014-0734?
CVE-2014-0734 affects Cisco Unified Communications Manager versions 10.0(1) and earlier, as well as several earlier versions.
Can CVE-2014-0734 be exploited remotely?
Yes, CVE-2014-0734 can be exploited remotely through the Certificate Authority Proxy Function implementation.
Is there a workaround for CVE-2014-0734?
There are no documented workarounds for CVE-2014-0734, and updating to a patched version is recommended.

agent/softwarecombine
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/author
agent/references
agent/first-publish-date
agent/description
agent/event
agent/source
agent/weakness
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco unified communications manager session management edition
version/cisco unified communications manager session management edition/10.0\(1\)
version/cisco unified communications manager session management edition/3.3\(5\)
version/cisco unified communications manager session management edition/3.3\(5\)sr1
version/cisco unified communications manager session management edition/3.3\(5\)sr2a
version/cisco unified communications manager session management edition/4.1\(3\)
version/cisco unified communications manager session management edition/4.1\(3\)sr1
version/cisco unified communications manager session management edition/4.1\(3\)sr2
version/cisco unified communications manager session management edition/4.1\(3\)sr3
version/cisco unified communications manager session management edition/4.1\(3\)sr4
version/cisco unified communications manager session management edition/4.2
version/cisco unified communications manager session management edition/4.2.1
version/cisco unified communications manager session management edition/4.2.2
version/cisco unified communications manager session management edition/4.2.3
version/cisco unified communications manager session management edition/4.2.3sr1
version/cisco unified communications manager session management edition/4.2.3sr2
version/cisco unified communications manager session management edition/4.2.3sr2b
version/cisco unified communications manager session management edition/4.3
version/cisco unified communications manager session management edition/10.0