Cisco IM and Presence Service SQL Injection Vulnerability (CVE-2015-4222)
Cisco IM and Presence Service SQL Injection Vulnerability (CVE-2015-4222)
Release date:
Updated on:
Affected Systems:
Cisco uniied Communications Manager IM and Presence Ser 9.1 (1)
Description:
CVE (CAN) ID: CVE-2015-4222
Cisco IM and Presence Service provides enterprise instant messaging and network visualization services.
Cisco IM and Presence Service does not properly verify user input in SQL queries. authenticated remote attackers can exploit this vulnerability to read, modify, or delete entries in some database tables.
<* Source: Cisco
*>
Suggestion:
Vendor patch:
Cisco
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://tools.cisco.com/security/center/viewAlert.x? AlertId = 39506
This article permanently updates the link address: