CVE-2013-3404 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	7.5 UNKNOWN	NETWORK	LOW	AV:N/AC:L/Au:N/C:P/I:P/A:P
cisco	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 57%

Vendor	Product	Version
cisco	unified_communications_manager	7.1\(2a\)
cisco	unified_communications_manager	7.1\(2a\)su1
cisco	unified_communications_manager	7.1\(2b\)
cisco	unified_communications_manager	7.1\(2b\)su1
cisco	unified_communications_manager	7.1\(3\)
cisco	unified_communications_manager	7.1\(3a\)
cisco	unified_communications_manager	7.1\(3a\)su1
cisco	unified_communications_manager	7.1\(3a\)su1a
cisco	unified_communications_manager	7.1\(3b\)
cisco	unified_communications_manager	7.1\(3b\)su1
cisco	unified_communications_manager	7.1\(3b\)su2
cisco	unified_communications_manager	7.1\(5\)
cisco	unified_communications_manager	7.1\(5\)su1
cisco	unified_communications_manager	7.1\(5\)su1a
cisco	unified_communications_manager	7.1\(5a\)
cisco	unified_communications_manager	7.1\(5b\)
cisco	unified_communications_manager	7.1\(5b\)su1
cisco	unified_communications_manager	7.1\(5b\)su1a
cisco	unified_communications_manager	7.1\(5b\)su2
cisco	unified_communications_manager	7.1\(5b\)su3
cisco	unified_communications_manager	7.1\(5b\)su4
cisco	unified_communications_manager	7.1\(5b\)su5
cisco	unified_communications_manager	7.1\(5b\)su6
cisco	unified_communications_manager	8.0
cisco	unified_communications_manager	8.0\(1\)
cisco	unified_communications_manager	8.0\(2\)
cisco	unified_communications_manager	8.0\(2a\)
cisco	unified_communications_manager	8.0\(2b\)
cisco	unified_communications_manager	8.0\(2c\)
cisco	unified_communications_manager	8.0\(2c\)su1
cisco	unified_communications_manager	8.0\(3\)
cisco	unified_communications_manager	8.0\(3a\)
cisco	unified_communications_manager	8.0\(3a\)su1
cisco	unified_communications_manager	8.0\(3a\)su2
cisco	unified_communications_manager	8.0\(3a\)su3
cisco	unified_communications_manager	8.5
cisco	unified_communications_manager	8.5\(1\)
cisco	unified_communications_manager	8.5\(1\)su1
cisco	unified_communications_manager	8.5\(1\)su2
cisco	unified_communications_manager	8.5\(1\)su3
cisco	unified_communications_manager	8.5\(1\)su4
cisco	unified_communications_manager	8.5\(1\)su5
cisco	unified_communications_manager	8.6
cisco	unified_communications_manager	8.6\(1\)
cisco	unified_communications_manager	8.6\(1a\)
cisco	unified_communications_manager	8.6\(2\)
cisco	unified_communications_manager	8.6\(2a\)
cisco	unified_communications_manager	8.6\(2a\)su1
cisco	unified_communications_manager	8.6\(2a\)su2
cisco	unified_communications_manager	8.6\(2a\)su3
cisco	unified_communications_manager	8.6\(3\)
cisco	unified_communications_manager	8.6\(4\)
cisco	unified_communications_manager	9.0\(1\)
cisco	unified_communications_manager	9.1\(1\)
cisco	unified_communications_manager	9.1.1\(a\)

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

References

http://secunia.com/advisories/54249

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm

http://secunia.com/advisories/54249

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm