Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote malicious user to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the malicious user to obtain data or modify data that is stored in the underlying database.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco unified communications manager im and presence service |