4.3
CVE-2018-0266
- EPSS 0.16%
- Veröffentlicht 19.04.2018 20:29:01
- Zuletzt bearbeitet 21.11.2024 03:37:50
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
LoginA vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view configuration parameters. Cisco Bug IDs: CSCvf20218.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Unified Communications Manager Version10.5(2.10000.5)
Cisco ≫ Unified Communications Manager Version11.0(1.10000.10)
Cisco ≫ Unified Communications Manager Version11.5(1.10000.6)
Cisco ≫ Unified Communications Manager Version12.0(1.10000.10)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.371 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-425 Direct Request ('Forced Browsing')
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.