Sign-up

ID

VAR-201309-0431


CVE

CVE-2013-5492


TITLE

Cisco SocialMiner of administration.jsp Vulnerability where important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2013-004111

DESCRIPTION

administration.jsp in Cisco SocialMiner allows remote attackers to obtain sensitive information by sniffing the network for HTTP client-server traffic, aka Bug ID CSCuh76780. Cisco SocialMiner of administration.jsp Contains a vulnerability where important information can be obtained. Vendors report this vulnerability Bug ID CSCuh76780 Published as.By a third party, between the client and server HTTP Interception of communications may result in the acquisition of important information. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. This issue is being tracked by Cisco Bug ID CSCuh76780. Cisco SocialMiner is a set of social media call center solutions from Cisco. The solution supports social media monitoring and analysis capabilities. The software establishes an insecure HTTP connection between the Cisco SocialMiner client and server

Trust: 1.98

sources: NVD: CVE-2013-5492 // JVNDB: JVNDB-2013-004111 // BID: 62334 // VULHUB: VHN-65494

AFFECTED PRODUCTS

vendor:ciscomodel:socialminerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:socialminerscope:eqversion:9.0(1)

Trust: 0.8

sources: JVNDB: JVNDB-2013-004111 // CNNVD: CNNVD-201309-194 // NVD: CVE-2013-5492

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5492
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5492
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201309-194
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65494
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5492
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65494
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65494 // JVNDB: JVNDB-2013-004111 // CNNVD: CNNVD-201309-194 // NVD: CVE-2013-5492

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-65494 // JVNDB: JVNDB-2013-004111 // NVD: CVE-2013-5492

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-194

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201309-194

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004111

PATCH
title:Cisco SocialMiner Sensitive Information GET Request Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5489
Trust: 0.8
title:30748url:http://tools.cisco.com/security/center/viewAlert.x?alertId=30748
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004111

EXTERNAL IDS
db:NVDid:CVE-2013-5492
Trust: 2.8
db:SECTRACKid:1029033
Trust: 1.1
db:JVNDBid:JVNDB-2013-004111
Trust: 0.8
db:CNNVDid:CNNVD-201309-194
Trust: 0.7
db:CISCOid:20130911 CISCO SOCIALMINER ADMINISTRATION.JSP HTTP INFORMATION DISCLOSURE VULNERABILITY
Trust: 0.6
db:BIDid:62334
Trust: 0.4
db:VULHUBid:VHN-65494
Trust: 0.1
sources:
            
            
            VULHUB: VHN-65494 // 
            
            
            
            BID: 62334 // 
            
            
            
            JVNDB: JVNDB-2013-004111 // 
            
            
            
            CNNVD: CNNVD-201309-194 // 
            
            
            
            NVD: CVE-2013-5492

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5492
Trust: 1.7
url:http://www.securitytracker.com/id/1029033
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5492
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5492
Trust: 0.8
sources:
            
            
            VULHUB: VHN-65494 // 
            
            
            
            JVNDB: JVNDB-2013-004111 // 
            
            
            
            CNNVD: CNNVD-201309-194 // 
            
            
            
            NVD: CVE-2013-5492

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 62334

SOURCES
db:VULHUBid:VHN-65494
db:BIDid:62334
db:JVNDBid:JVNDB-2013-004111
db:CNNVDid:CNNVD-201309-194
db:NVDid:CVE-2013-5492

LAST UPDATE DATE
2024-11-23T22:35:19.371000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-65494date:2013-10-16T00:00:00
db:BIDid:62334date:2013-09-16T00:13:00
db:JVNDBid:JVNDB-2013-004111date:2013-09-17T00:00:00
db:CNNVDid:CNNVD-201309-194date:2013-09-16T00:00:00
db:NVDid:CVE-2013-5492date:2024-11-21T01:57:34.740

SOURCES RELEASE DATE
db:VULHUBid:VHN-65494date:2013-09-13T00:00:00
db:BIDid:62334date:2013-09-11T00:00:00
db:JVNDBid:JVNDB-2013-004111date:2013-09-17T00:00:00
db:CNNVDid:CNNVD-201309-194date:2013-09-16T00:00:00
db:NVDid:CVE-2013-5492date:2013-09-13T14:10:27.447