exploitDog

CVE-2014-2193

Опубликовано: 20 мая 2014

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cisco Unified Web and E-Mail Interaction Manager places session identifiers in GET requests, which allows remote attackers to inject conversation text by obtaining a valid identifier, aka Bug ID CSCuj43084.

Ссылки

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2193
Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2193
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cisco:unified_web_and_e-mail_interaction_manager:-:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00224

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-qp2p-gxc5-fcfh

github

больше 3 лет назад

Cisco Unified Web and E-Mail Interaction Manager places session identifiers in GET requests, which allows remote attackers to inject conversation text by obtaining a valid identifier, aka Bug ID CSCuj43084.

EPSS

Процентиль: 45%

0.00224

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-20