CVE-2014-3326 Information

Description

SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors aka Bug ID CSCup26957.

Reference

http://secunia.com/advisories/60455 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3326 http://tools.cisco.com/security/center/viewAlert.x?alertId=35029 http://www.securityfocus.com/bid/68877 http://www.securitytracker.com/id/1030639 https://exchange.xforce.ibmcloud.com/vulnerabilities/94841