2 matches found
CVE-2014-0736
Cross-site request forgery CSRF vulnerability in the Call Detail Records Analysis and Reporting CAR page in Cisco Unified Communications Manager Unified CM 10.01 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug I...
CVE-2014-0736
Cisco Unified Communications Manager (Unified CM) is affected by CSRF on the CAR page, for 10.0(1) and earlier. An attacker can trick a logged-in user into issuing CAR-modification requests, potentially hijacking the user’s authentication for those actions. The issue is addressed in Cisco’s advis...