cisco-sa-imp-inj-ereCOKjR: Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities
First published: Wed May 05 2021(Updated: )
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inj-ereCOKjR
Credit: Mostafa Soliman IBM Xreporting these vulnerabilities.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Communications Manager IM and Presence Service | =12.5<12.5(1)SU4=12.0<Migrate to 12.5(1)SU4.=11.5<11.5(1)SU9>=.5<10=10.5<=11.0<Migrate to 11.5(1)SU9. | 12.5(1)SU4 Migrate to 12.5(1)SU4. 11.5(1)SU9 Migrate to 11.5(1)SU9. |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities?
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
How severe is Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities?
The severity of Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities is high with a CVSS score of 7.1.
Which software versions are affected by Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities?
The affected software versions include Cisco Unified Communications Manager IM & Presence Service 12.5, 12.0, 11.5, 10, and 10.5.
How can I mitigate Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities in version 12.5(1)SU4?
To mitigate Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities in version 12.5(1)SU4, you need to migrate to version 12.5(1)SU4.
How can I mitigate Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities in version 11.5(1)SU9?
To mitigate Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities in version 11.5(1)SU9, you need to migrate to version 11.5(1)SU9.
- agent/author
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/references
- agent/title
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/cisco-advisory
- source/Cisco
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco unified communications manager im and presence service
- version/cisco unified communications manager im and presence service/12.5
- version/cisco unified communications manager im and presence service/12.0
- version/cisco unified communications manager im and presence service/11.5
- version/cisco unified communications manager im and presence service/.5
- version/cisco unified communications manager im and presence service/10.5
- version/cisco unified communications manager im and presence service/11.0