CVE-2013-3437
Description
SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179.
Risk Information
Base Score
6.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS Score
Exploitation Probability
0.556
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco Unified Operations Manager SQL Injection Vulnerability For Cisco Prime Unified Operations Manager | NCM |
| Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability (CVE-2013-3437) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1705458 | Security Update for Cisco Prime Unified Operations Manager 8.7 |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234