Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco WebEx Meetings Server Administrator Interface SQL Injection Vulnerability

cisco-sa-20160714-wms · Medium · Published · Updated

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input validation on user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected system. An exploit could allow the attacker to gather information from the database. Cisco released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160714-wms

Cisco advisory · CSAF JSON

Workarounds

Workarounds are not available.

CVEsCVE-2016-1446
Cisco Bug IDsCSCuy83200
CVSS ScoreBase 4.0
Base 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C
Product Names From Source
Cisco WebEx Meetings Server

Related Products

Product CVE Evidence
Cisco Webex Meetings CVE-2016-1446 Cisco OpenVuln
Cisco WebEx Meetings Server CVE-2016-1446 Cisco OpenVuln