CVE-2014-3326

Опубликовано: 26 июл. 2014

Источник: nvd

CVSS2: 6.5

EPSS Низкий

Описание

SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCup26957.

Ссылки

http://secunia.com/advisories/60455
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3326
Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=35029
Vendor Advisory
http://www.securityfocus.com/bid/68877
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1030639
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/94841
http://secunia.com/advisories/60455
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3326
Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=35029
Vendor Advisory
http://www.securityfocus.com/bid/68877
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1030639
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/94841

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:security_manager:4.5:*:*:*:*:*:*:*

cpe:2.3:a:cisco:security_manager:4.6:*:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.00563

Низкий

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-4cvf-2x9p-w298

github

больше 3 лет назад