CVE-2016-1446

Опубликовано: 15 июл. 2016

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

SQL injection vulnerability in Cisco WebEx Meetings Server 2.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuy83200.

Ссылки

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160714-wms
Vendor Advisory
http://www.securityfocus.com/bid/91786
http://www.securitytracker.com/id/1036312
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160714-wms
Vendor Advisory
http://www.securityfocus.com/bid/91786
http://www.securitytracker.com/id/1036312

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:webex_meetings_server:2.6.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.6.1.39:*:*:*:*:*:*:*

EPSS

Процентиль: 71%

0.00668

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-v4vf-84mq-c27x