Cross site request forgery (csrf)

2013-05-0912:31:00

PRIOn knowledge base

www.prio-n.com

8.1 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.5%

JSON

The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384.

CPENameOperatorVersion
unified_customer_voice_portaleq3.0 sr1
unified_customer_voice_portaleq4.2.0
unified_customer_voice_portaleq3.610 es1
unified_customer_voice_portaleq4.2 sr1
unified_customer_voice_portaleq<= 9.1
unified_customer_voice_portaleq7.2.0
unified_customer_voice_portaleq8.51.0
unified_customer_voice_portaleq9.0
unified_customer_voice_portaleq4.0
unified_customer_voice_portaleq7.0

Name	Operator	Version
unified_customer_voice_portal	eq	3.0 sr1
unified_customer_voice_portal	eq	4.2.0
unified_customer_voice_portal	eq	3.610 es1
unified_customer_voice_portal	eq	4.2 sr1
unified_customer_voice_portal	eq	<= 9.1
unified_customer_voice_portal	eq	7.2.0
unified_customer_voice_portal	eq	8.51.0
unified_customer_voice_portal	eq	9.0
unified_customer_voice_portal	eq	4.0
unified_customer_voice_portal	eq	7.0