Primary

Context

Cisco Unity Connection SQL Injection Vulnerability

Vulnerability

Patched

A SQL injection vulnerability has been identified in the web-based management interface of Cisco Unity Connection. This vulnerability allows an authenticated, remote attacker to execute SQL injection attacks on affected devices. The issue arises from inadequate validation of user-supplied input, enabling attackers to send crafted HTTP(S) requests that could be exploited to access unauthorized data on the device.

Impact

Exploitation of this vulnerability could allow an authenticated attacker to perform SQL injection attacks, potentially leading to unauthorized data access on the affected device.

Remediation

Cisco has released software updates to address this vulnerability. Users are advised to upgrade to the fixed releases mentioned in the Cisco Security Advisory.

Added: Apr 15, 2026, 6:00 PM

Updated: Apr 15, 2026, 6:00 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

3.1

exploitability

4.9

remediation

7.7

relevance

6.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

3.1

exploitability

4.9

remediation

7.7

relevance

6.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Cisco Unity Connection SQL Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Cisco Unity Connection

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating