Release date:
Updated on:
Affected Systems:
Cisco Unified Presence Server 8.6 (4)
Description:
--------------------------------------------------------------------------------
Bugtraq id: 64551
CVE (CAN) ID: CVE-2013-6983
Cisco Unified Presence is an enterprise-level platform driven by Jabber XMPP. It can collect information about user availability and communication functions to provide Unified user network status, provides support for Cisco Unified Communications and key business applications based on network status.
A security vulnerability exists in the Web interface of Cisco uniied Presence Server 8.6 (4), which allows authenticated remote attackers to affect the confidentiality, integrity, and availability of the affected system. This vulnerability is caused by the failure to correctly verify user input in the SQL query. Attackers exploit this vulnerability through specially crafted URLs, including SQL statements.
<* Source: Cisco
Link: http://secunia.com/advisories/56273
Http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6983
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
Cisco has released a Security Bulletin (CVE-2013-6983) and patches for this:
CVE-2013-6983: Cisco uniied Presence Server SQL Injection Vulnerability
Link: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6983
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
