cvelistv5 - cve-2014-3339

CVE-2014-3339 (GCVE-0-2014-3339)

Vulnerability from cvelistv5 – Published: 2014-08-12 23:00 – Updated: 2024-08-06 10:43

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://tools.cisco.com/security/center/content/Ci…	vendor-advisoryx_refsource_CISCO
	http://www.securityfocus.com/bid/69200	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:43:05.232Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20140812 Cisco Unified Communications Manager and Cisco Unified Presence Server SQL Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3339"
          },
          {
            "name": "69200",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/69200"
          },
          {
            "name": "cucm-cups-cve20143339-sql-injection(95250)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95250"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20140812 Cisco Unified Communications Manager and Cisco Unified Presence Server SQL Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3339"
        },
        {
          "name": "69200",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/69200"
        },
        {
          "name": "cucm-cups-cve20143339-sql-injection(95250)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95250"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-3339",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20140812 Cisco Unified Communications Manager and Cisco Unified Presence Server SQL Injection Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3339"
            },
            {
              "name": "69200",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/69200"
            },
            {
              "name": "cucm-cups-cve20143339-sql-injection(95250)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95250"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2014-3339",
    "datePublished": "2014-08-12T23:00:00",
    "dateReserved": "2014-05-07T00:00:00",
    "dateUpdated": "2024-08-06T10:43:05.232Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_domain_manager:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FAC05C99-071F-47E7-A3B6-899488520663\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_presence_server:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D3C9AF1-A2BF-4F56-BE38-ED6DC45E94E7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades de inyecci\\u00f3n SQL en la interfaz del web de administraci\\u00f3n en Cisco Unified Communications Manager (CM) y Cisco Unified Presence Server (CUPS) permiten a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\\u00e9s de entradas manipuladas en p\\u00e1ginas no especificadas, tambi\\u00e9n conocido como Bug ID CSCup74290.\"}]",
      "id": "CVE-2014-3339",
      "lastModified": "2024-11-21T02:07:53.813",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-08-12T23:55:03.957",
      "references": "[{\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3339\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/69200\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/95250\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3339\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/69200\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/95250\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-3339\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2014-08-12T23:55:03.957\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en la interfaz del web de administraci\u00f3n en Cisco Unified Communications Manager (CM) y Cisco Unified Presence Server (CUPS) permiten a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de entradas manipuladas en p\u00e1ginas no especificadas, tambi\u00e9n conocido como Bug ID CSCup74290.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_domain_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAC05C99-071F-47E7-A3B6-899488520663\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_presence_server:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D3C9AF1-A2BF-4F56-BE38-ED6DC45E94E7\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3339\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/69200\",\"source\":\"psirt@cisco.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/95250\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3339\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/69200\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/95250\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-201408-0162

Vulnerability from variot - Updated: 2023-12-18 13:29

Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290. An authenticated attacker can leverage this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is tracked by Cisco Bug ID CSCup74290. CUCM is a call processing component in a unified communication system, which provides a scalable, distributed and highly available enterprise IP phone call processing solution

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201408-0162",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unified communications domain manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified presence server",
        "scope": null,
        "trust": 1.4,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "unified communications manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003798"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3339"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-224"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_domain_manager:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_presence_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3339"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "69200"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-3339",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-3339",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-71279",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-3339",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201408-224",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-71279",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71279"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003798"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3339"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-224"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290. \nAn authenticated attacker can leverage this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nThis issue is tracked by Cisco Bug ID CSCup74290. CUCM is a call processing component in a unified communication system, which provides a scalable, distributed and highly available enterprise IP phone call processing solution",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3339"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003798"
      },
      {
        "db": "BID",
        "id": "69200"
      },
      {
        "db": "VULHUB",
        "id": "VHN-71279"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3339",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "69200",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003798",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-224",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-71279",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71279"
      },
      {
        "db": "BID",
        "id": "69200"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003798"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3339"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-224"
      }
    ]
  },
  "id": "VAR-201408-0162",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71279"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:29:44.009000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Cisco Unified Communications Manager and Cisco Unified Presence Server SQL Injection Vulnerability",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3339"
      },
      {
        "title": "35275",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=35275"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003798"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71279"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003798"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3339"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3339"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/69200"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95250"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3339"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3339"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/ps7060/index.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71279"
      },
      {
        "db": "BID",
        "id": "69200"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003798"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3339"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-224"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-71279"
      },
      {
        "db": "BID",
        "id": "69200"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003798"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3339"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-224"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-08-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-71279"
      },
      {
        "date": "2014-08-12T00:00:00",
        "db": "BID",
        "id": "69200"
      },
      {
        "date": "2014-08-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-003798"
      },
      {
        "date": "2014-08-12T23:55:03.957000",
        "db": "NVD",
        "id": "CVE-2014-3339"
      },
      {
        "date": "2014-08-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201408-224"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-71279"
      },
      {
        "date": "2014-08-14T00:02:00",
        "db": "BID",
        "id": "69200"
      },
      {
        "date": "2014-08-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-003798"
      },
      {
        "date": "2017-08-29T01:34:42.810000",
        "db": "NVD",
        "id": "CVE-2014-3339"
      },
      {
        "date": "2014-08-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201408-224"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-224"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unified Communications Manager and  Cisco Unified Presence Server Management  Web In the interface  SQL Injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003798"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-224"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2014-3339

Vulnerability from fkie_nvd - Published: 2014-08-12 23:55 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3339	Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/69200
psirt@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/95250
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3339	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/69200
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/95250

Impacted products

	Vendor	Product	Version
	cisco	unified_communications_domain_manager	-
	cisco	unified_presence_server	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_domain_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAC05C99-071F-47E7-A3B6-899488520663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_presence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D3C9AF1-A2BF-4F56-BE38-ED6DC45E94E7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en la interfaz del web de administraci\u00f3n en Cisco Unified Communications Manager (CM) y Cisco Unified Presence Server (CUPS) permiten a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de entradas manipuladas en p\u00e1ginas no especificadas, tambi\u00e9n conocido como Bug ID CSCup74290."
    }
  ],
  "id": "CVE-2014-3339",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-08-12T23:55:03.957",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3339"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/69200"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95250"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3339"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/69200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95250"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2014-3339

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-3339

Aliases

CVE-2014-3339

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-3339",
    "description": "Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290.",
    "id": "GSD-2014-3339"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-3339"
      ],
      "details": "Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290.",
      "id": "GSD-2014-3339",
      "modified": "2023-12-13T01:22:53.221024Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2014-3339",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20140812 Cisco Unified Communications Manager and Cisco Unified Presence Server SQL Injection Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3339"
          },
          {
            "name": "69200",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/69200"
          },
          {
            "name": "cucm-cups-cve20143339-sql-injection(95250)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95250"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_domain_manager:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_presence_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-3339"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20140812 Cisco Unified Communications Manager and Cisco Unified Presence Server SQL Injection Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3339"
            },
            {
              "name": "69200",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/69200"
            },
            {
              "name": "cucm-cups-cve20143339-sql-injection(95250)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95250"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-29T01:34Z",
      "publishedDate": "2014-08-12T23:55Z"
    }
  }
}

GHSA-3JC7-56J7-72R6

Vulnerability from github – Published: 2022-05-17 01:25 – Updated: 2022-05-17 01:25

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-3339"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-08-12T23:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290.",
  "id": "GHSA-3jc7-56j7-72r6",
  "modified": "2022-05-17T01:25:01Z",
  "published": "2022-05-17T01:25:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3339"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95250"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3339"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/69200"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-3339 (GCVE-0-2014-3339)

VAR-201408-0162

FKIE_CVE-2014-3339

GSD-2014-3339

GHSA-3JC7-56J7-72R6

Tags

Sightings

Nomenclature