CVE-2019-15963Sensitive Information Exposure in Cisco Unified Communications Manager

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 57.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Unified Communications ManagerCisco Unity Connection
Timeline
PublishedSep 23
Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient protection of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by accessing the interface and viewing restricted portions of the software configur

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDcisco/unified_communications_manager10.510.5\(2.10000.5\)+3

🔴Vulnerability Details

2
GHSA
GHSA-hx2m-2hr2-8gjh: A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view se2022-05-24
CVEList
Cisco Unified Communications Manager Information Disclosure Vulnerability2020-09-23

📋Vendor Advisories

1
Cisco
Cisco Unified Communications Manager Information Disclosure Vulnerability2020-01-22
CVE-2019-15963 — Sensitive Information Exposure | cvebase