Severity
8.6 HIGH
EPSS
0.2%
top 53.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 5
Latest update: Oct 2

Description

The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 4.0

Affected Packages (1 package)

NVD: cisco/finesse, 31 versions

🔴 Vulnerability Details (3)

GHSA: Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission (2024-10-02)
GHSA: GHSA-r94f-58pf-4j6w: The gadgets-integration API in Cisco Finesse 8 (2022-05-17)
CVEList: CVE-2016-1373: The gadgets-integration API in Cisco Finesse 8 (2016-05-05)

📋 Vendor Advisories (1)

Cisco: Cisco Finesse HTTP Request Processing Server-Side Request Forgery Vulnerability (2016-05-05)