Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
920
Views
0
Helpful
1
Replies

CSCwb37563 - Cisco UCM SQL Injection Vulnerability

ChristianSeifert62512
Level 1
Level 1

‎01-20-2023 02:27 AM

Hello community,

regarding this bug and CVE-2023-20010, are all websites of UCM affected (including ucmuser) or only ccmadmin, cmplatform etc.?

Thanks for any hint.

Greetings, Chris

2 people had this problem
Labels:
0 Helpful
1 Reply 1

AHenneberger
Level 1
Level 1

‎01-24-2023 12:44 AM

Hi Chris, 

I opened a TAC case for clarification and got reply that only /ccmadmin is affected by this vulnerability. Based on this an attacker needs at least a low priviledged admin account to use that exploit.

Cheers,

Alex

 

0 Helpful
Customers Also Viewed These Support Documents