CVE-2018-0105Sensitive Information Exposure in Cisco Unified Communications Manager

CWE-200Sensitive Information ExposureCWE-425Forced Browsing5 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
1.5%
top 19.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unified Communications Manager
Timeline
PublishedJan 18
Latest updateMay 13

Description

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvf20269.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

CVEListV5cisco/cisco_unified_communications_managerCisco Unified Communications Manager

🔴Vulnerability Details

2
GHSA
GHSA-h95r-6j2f-jgrc: A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data2022-05-13
CVEList
CVE-2018-0105: A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data2018-01-18

📋Vendor Advisories

2
Cisco
Cisco Unified Communications Manager Information Disclosure Vulnerability2018-01-17
Cisco
Cisco Enterprise License Manager Information Disclosure Vulnerability2018-01-17
CVE-2018-0105 — Sensitive Information Exposure in Cisco | cvebase