CVE-2014-3287

SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL, aka Bug ID CSCuo17337.

Published: Jun 10, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-3287
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
cisco / unified_communications_manager	-	-

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3287
http://www.securityfocus.com/bid/68000
http://www.securitytracker.com/id/1030411

Vulnerability Database

289,689

CVE-2014-3287