SQL Injection Vulnerability in BulkViewFileContentsAction.java in Cisco Unified Communications Manager

SQL Injection Vulnerability in BulkViewFileContentsAction.java in Cisco Unified Communications Manager

CVE-2014-3287 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL, aka Bug ID CSCuo17337.

Learn more about our Cis Benchmark Audit For Cisco.