var-201504-0279
Vulnerability from variot
SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563. Vendors have confirmed this vulnerability Bug ID CSCut21563 It is released as.By any third party SQL The command may be executed. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue being tracked by Cisco Bug ID CSCut21563. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. Interactive Voice Response (IVR) is a component that provides an open, extensible, feature-rich foundation for creating and delivering IVR (Interactive Voice Response) applications. There is a SQL injection vulnerability in the IVR component of CUCM 10.5 (1.98991.13), which is caused by the fact that the program does not fully validate the input submitted by the user before constructing the SQL query statement
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0279",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unified communications domain manager",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.5\\(1.98991.13\\)"
},
{
"model": "unified communications domain manager",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "10.5(1.98991.13)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.5(1.98991.13)"
}
],
"sources": [
{
"db": "BID",
"id": "71432"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002288"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-277"
},
{
"db": "NVD",
"id": "CVE-2015-0699"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:unified_communications_domain_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002288"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "71432"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0699",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-0699",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-78645",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-0699",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-0699",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-277",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-78645",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-0699",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78645"
},
{
"db": "VULMON",
"id": "CVE-2015-0699"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002288"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-277"
},
{
"db": "NVD",
"id": "CVE-2015-0699"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563. Vendors have confirmed this vulnerability Bug ID CSCut21563 It is released as.By any third party SQL The command may be executed. \nExploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nThis issue being tracked by Cisco Bug ID CSCut21563. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. Interactive Voice Response (IVR) is a component that provides an open, extensible, feature-rich foundation for creating and delivering IVR (Interactive Voice Response) applications. There is a SQL injection vulnerability in the IVR component of CUCM 10.5 (1.98991.13), which is caused by the fact that the program does not fully validate the input submitted by the user before constructing the SQL query statement",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0699"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002288"
},
{
"db": "BID",
"id": "71432"
},
{
"db": "VULHUB",
"id": "VHN-78645"
},
{
"db": "VULMON",
"id": "CVE-2015-0699"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0699",
"trust": 2.9
},
{
"db": "SECTRACK",
"id": "1032134",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002288",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201504-277",
"trust": 0.7
},
{
"db": "BID",
"id": "71432",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-78645",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-0699",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78645"
},
{
"db": "VULMON",
"id": "CVE-2015-0699"
},
{
"db": "BID",
"id": "71432"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002288"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-277"
},
{
"db": "NVD",
"id": "CVE-2015-0699"
}
]
},
"id": "VAR-201504-0279",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-78645"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:22:55.489000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "38366",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38366"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002288"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78645"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002288"
},
{
"db": "NVD",
"id": "CVE-2015-0699"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38366"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1032134"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0699"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0699"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/89.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78645"
},
{
"db": "VULMON",
"id": "CVE-2015-0699"
},
{
"db": "BID",
"id": "71432"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002288"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-277"
},
{
"db": "NVD",
"id": "CVE-2015-0699"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-78645"
},
{
"db": "VULMON",
"id": "CVE-2015-0699"
},
{
"db": "BID",
"id": "71432"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002288"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-277"
},
{
"db": "NVD",
"id": "CVE-2015-0699"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-15T00:00:00",
"db": "VULHUB",
"id": "VHN-78645"
},
{
"date": "2015-04-15T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0699"
},
{
"date": "2015-04-15T00:00:00",
"db": "BID",
"id": "71432"
},
{
"date": "2015-04-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002288"
},
{
"date": "2015-04-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-277"
},
{
"date": "2015-04-15T10:59:05.440000",
"db": "NVD",
"id": "CVE-2015-0699"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-06T00:00:00",
"db": "VULHUB",
"id": "VHN-78645"
},
{
"date": "2017-01-06T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0699"
},
{
"date": "2015-04-15T00:00:00",
"db": "BID",
"id": "71432"
},
{
"date": "2015-04-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002288"
},
{
"date": "2015-04-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-277"
},
{
"date": "2024-11-21T02:23:33.660000",
"db": "NVD",
"id": "CVE-2015-0699"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-277"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Unified Communications Manager of Interactive Voice Response In the component SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002288"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-277"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…