SQL injection in Cisco WebEx Meetings Server. - CVE-2016-1446

Vulnerability identifier: #VU154

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2016-1446

CWE-ID: CWE-89

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor:

Affected software:

The vulnerability allows a remote attacker to inject SQL commands.

The vulnerability exists due to a lack of input validation on user-supplied input in SQL queries. A remote authenticated attacker can execute SQL commands by sending crafted URLs that contain malicious SQL statements to the affected system.

Successful exploitation of this vulnerability may result in disclosure of system information.

Patch for this vulnerability is available through the Cisco Bug Search Tool.

• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160714-wms