CVE-2015-0684

{"id": "CVE-2015-0684", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-04-03T10:59:07.960", "references": [{"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38114", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1032001", "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en el componente Image Management en Cisco Unified Communications Domain Manager 8.1(4) permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCuq52515."}], "lastModified": "2015-09-29T19:30:54.957", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_communications_domain_manager:8.1\\(.4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49B0F6DA-9BC8-4FB7-86AD-D0F4D453BBFA"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}