SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCup26957.
http://www.securitytracker.com/id/1030639
http://www.securityfocus.com/bid/68877
https://exchange.xforce.ibmcloud.com/vulnerabilities/94841
http://tools.cisco.com/security/center/viewAlert.x?alertId=35029
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3326
http://secunia.com/advisories/60455
Source: Mitre, NVD
Published: 2014-07-26
Updated: 2026-06-17
Base Score: 6.5
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P
Severity: Medium
Base Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: High
EPSS: 0.00781