CVE-2016-6364

EPSS 0.73%
Published 23.08.2016 02:11:03
Last modified 12.04.2025 10:46:40
Source psirt@cisco.com
Teams watchlist Login
Open Login

The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified API calls, aka Bug ID CSCux67855.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Unified Communications Manager Version11.5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.73%	0.704

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ucm

Vendor Advisory

http://www.securityfocus.com/bid/92517

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1036650

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2016-6364

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-6364

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-6364

EUVD