CVE-2018-0198

Опубликовано: 27 мар. 2018

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvh66592.

Ссылки

http://www.securityfocus.com/bid/102965
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040342
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucm1
Vendor Advisory
http://www.securityfocus.com/bid/102965
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040342
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucm1
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.0072

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-693

CWE-425

Связанные уязвимости

GHSA-q53v-c88f-4373