CVE-2015-0684: SQL Injection
First published: Fri Apr 03 2015(Updated: )
SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Communications Domain Manager Platform | =8.1\(.4\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-0684?
CVE-2015-0684 has a severity rating of medium due to the potential for remote authenticated users to execute arbitrary SQL commands.
How do I fix CVE-2015-0684?
To mitigate CVE-2015-0684, users should upgrade to a fixed version of Cisco Unified Communications Domain Manager that addresses this SQL injection vulnerability.
Who is affected by CVE-2015-0684?
CVE-2015-0684 affects users of Cisco Unified Communications Domain Manager version 8.1(4) that allows remote authenticated access.
What type of vulnerability is CVE-2015-0684?
CVE-2015-0684 is classified as an SQL injection vulnerability that permits unauthorized SQL command execution.
What actions can attackers perform using CVE-2015-0684?
Attackers exploiting CVE-2015-0684 can execute arbitrary SQL commands, potentially compromising the database security.
- agent/author
- agent/event
- agent/tags
- agent/type
- agent/references
- agent/weakness
- agent/description
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco unified communications domain manager platform
- version/cisco unified communications domain manager platform/8.1\(.4\)