CVE-2016-6364 — Sensitive Information Exposure in Cisco Unified Communications Manager

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.7%

top 27.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Manager

Timeline

PublishedAug 23

Latest updateMay 17

Description

The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified API calls, aka Bug ID CSCux67855.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDcisco/unified_communications_manager11.5.0

🔴Vulnerability Details

GHSA

GHSA-qj4x-mj6w-4c5v: The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11↗2022-05-17

▶

CVEList

CVE-2016-6364: The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11↗2016-08-23

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Manager Information Disclosure Vulnerability↗2016-08-17

▶