Home Unlabelled Cisco WebEx Meetings Server Administrator Interface SQL Injection Vulnerability

Cisco WebEx Meetings Server Administrator Interface SQL Injection Vulnerability

By
Thursday, July 14, 2016
Read
Add Comment
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries.

The vulnerability is due to a lack of input validation on user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected system. An exploit could allow the attacker to gather information from the database.

Cisco released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://ift.tt/29HTTMV A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries.

The vulnerability is due to a lack of input validation on user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected system. An exploit could allow the attacker to gather information from the database.

Cisco released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://ift.tt/29HTTMV
Security Impact Rating: Medium
CVE: CVE-2016-1446

from Cisco Security Advisory http://ift.tt/29HTTMV
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us