SecuritySpace - CVE-2017-3886

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2017-3886

Description: A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The attacker must be authenticated as an administrative user to execute SQL database queries. More Information: CSCvc74291. Known Affected Releases: 1.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 12.0(0.98000.619) 12.0(0.98000.485) 12.0(0.98000.212) 11.5(1.13035.1) 11.0(1.23900.5) 11.0(1.23900.2) 11.0(1.23067.1) 10.5(2.15900.2).

Test IDs: 1.3.6.1.4.1.25623.1.0.106724

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2017-3886
BugTraq ID: 97432
http://www.securityfocus.com/bid/97432
http://www.securitytracker.com/id/1038192

CVE ID:	CVE-2017-3886
Description:	A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The attacker must be authenticated as an administrative user to execute SQL database queries. More Information: CSCvc74291. Known Affected Releases: 1.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 12.0(0.98000.619) 12.0(0.98000.485) 12.0(0.98000.212) 11.5(1.13035.1) 11.0(1.23900.5) 11.0(1.23900.2) 11.0(1.23067.1) 10.5(2.15900.2).
Test IDs:	1.3.6.1.4.1.25623.1.0.106724
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2017-3886 BugTraq ID: 97432 http://www.securityfocus.com/bid/97432 http://www.securitytracker.com/id/1038192