SecuritySpace - CVE-2017-6757

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2017-6757

Description: A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user- supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to modify or delete entries in some database tables, affecting the integrity of the data. Cisco Bug IDs: CSCve13786.

Test IDs: 1.3.6.1.4.1.25623.1.0.140275

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2017-6757
BugTraq ID: 100121
http://www.securityfocus.com/bid/100121
http://www.securitytracker.com/id/1039063

CVE ID:	CVE-2017-6757
Description:	A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user- supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to modify or delete entries in some database tables, affecting the integrity of the data. Cisco Bug IDs: CSCve13786.
Test IDs:	1.3.6.1.4.1.25623.1.0.140275
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2017-6757 BugTraq ID: 100121 http://www.securityfocus.com/bid/100121 http://www.securitytracker.com/id/1039063