CVE-2018-0198

EPSS 0.72%
Published 27.03.2018 09:29:00
Last modified 21.11.2024 03:37:42
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvh66592.

Affected products Warnungen 0 Metrics 3 CWE 2 References 6

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Unified Communications Manager

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.72%	0.702

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-425 Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

http://www.securityfocus.com/bid/102965

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1040342

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucm1

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-0198

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-0198

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-0198

EUVD