Lucene search

[email protected]CVE-2014-3374

HistoryOct 31, 2014 - 10:55 a.m.

CVE-2014-3374

2014-10-3110:55:02

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-3374

cross-site scripting

xss

cisco

unified communications manager

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582.

Affected configurations

NVD

Node

ciscounified_communications_manager

CPENameOperatorVersion
cisco:unified_communications_managercisco unified communications managereq*

CPE	Name	Operator	Version
cisco:unified_communications_manager	cisco unified communications manager	eq	*

References

secunia.com/advisories/59696

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3374

tools.cisco.com/security/center/viewAlert.x?alertId=36295

www.securityfocus.com/bid/70849

www.securitytracker.com/id/1031162

exchange.xforce.ibmcloud.com/vulnerabilities/98407

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.8%

JSON

Related for CVE-2014-3374

prion1 cvelist1 cisco1 nvd1 nessus1