CVE-2018-0198Protection Mechanism Failure in Cisco Unified Communications Manager

CWE-693Protection Mechanism FailureCWE-425Forced Browsing4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.7%
top 27.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unified Communications Manager
Timeline
PublishedMar 27
Latest updateMay 13

Description

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvh66592.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

CVEListV5cisco/cisco_unified_communications_managerCisco Unified Communications Manager

🔴Vulnerability Details

2
GHSA
GHSA-q53v-c88f-4373: A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data2022-05-13
CVEList
CVE-2018-0198: A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data2018-03-27

📋Vendor Advisories

1
Cisco
Cisco Unified Communications Manager Information Disclosure Vulnerability2018-02-08
CVE-2018-0198 — Protection Mechanism Failure in Cisco | cvebase