Cross site request forgery (csrf)

2013-05-0912:31:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.9%

JSON

The log viewer in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly validate an unspecified parameter, which allows remote attackers to read arbitrary files via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38372.

CPENameOperatorVersion
unified_customer_voice_portaleq3.0 sr1
unified_customer_voice_portaleq4.2.0
unified_customer_voice_portaleq3.610 es1
unified_customer_voice_portaleq4.2 sr1
unified_customer_voice_portaleq<= 9.1
unified_customer_voice_portaleq7.2.0
unified_customer_voice_portaleq8.51.0
unified_customer_voice_portaleq9.0
unified_customer_voice_portaleq4.0
unified_customer_voice_portaleq7.0

Name	Operator	Version
unified_customer_voice_portal	eq	3.0 sr1
unified_customer_voice_portal	eq	4.2.0
unified_customer_voice_portal	eq	3.610 es1
unified_customer_voice_portal	eq	4.2 sr1
unified_customer_voice_portal	eq	<= 9.1
unified_customer_voice_portal	eq	7.2.0
unified_customer_voice_portal	eq	8.51.0
unified_customer_voice_portal	eq	9.0
unified_customer_voice_portal	eq	4.0
unified_customer_voice_portal	eq	7.0