ID

VAR-201409-0393


CVE

CVE-2014-3363


TITLE

Cross-site scripting vulnerability in the web framework of Cisco Unified Communications Manager

Trust: 0.8

sources: JVNDB: JVNDB-2014-004175

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuq68443. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution.

Trust: 1.98

sources: NVD: CVE-2014-3363 // JVNDB: JVNDB-2014-004175 // BID: 69739 // VULHUB: VHN-71303

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: eq, version: 9.1\(2.10000.28\)

Trust: 1.6

vendor: cisco, model: unified communications manager, scope: eq, version: 9.1(2.10000.28)

Trust: 0.8

sources: JVNDB: JVNDB-2014-004175 // CNNVD: CNNVD-201409-500 // NVD: CVE-2014-3363

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3363
value: LOW

Trust: 1.0

NVD: CVE-2014-3363
value: LOW

Trust: 0.8

CNNVD: CNNVD-201409-500
value: LOW

Trust: 0.6

VULHUB: VHN-71303
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2014-3363
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71303
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71303 // JVNDB: JVNDB-2014-004175 // CNNVD: CNNVD-201409-500 // NVD: CVE-2014-3363

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-71303 // JVNDB: JVNDB-2014-004175 // NVD: CVE-2014-3363

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-500

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201409-500

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004175

PATCH

title: Cisco Unified Communications Manager Cross-Site Redirection Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3363

Trust: 0.8

title: 35672, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=35672

Trust: 0.8

sources: JVNDB: JVNDB-2014-004175

EXTERNAL IDS

db: NVD, id: CVE-2014-3363

Trust: 2.8

db: BID, id: 69739

Trust: 1.4

db: SECTRACK, id: 1030836

Trust: 1.1

db: SECUNIA, id: 59105

Trust: 1.1

db: JVNDB, id: JVNDB-2014-004175

Trust: 0.8

db: CNNVD, id: CNNVD-201409-500

Trust: 0.7

db: VULHUB, id: VHN-71303

Trust: 0.1

sources: VULHUB: VHN-71303 // BID: 69739 // JVNDB: JVNDB-2014-004175 // CNNVD: CNNVD-201409-500 // NVD: CVE-2014-3363

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3363

Trust: 1.7

url:http://tools.cisco.com/security/center/viewalert.x?alertid=35672

Trust: 1.7

url:http://www.securityfocus.com/bid/69739

Trust: 1.1

url:http://www.securitytracker.com/id/1030836

Trust: 1.1

url:http://secunia.com/advisories/59105

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/95882

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3363

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3363

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-71303 // BID: 69739 // JVNDB: JVNDB-2014-004175 // CNNVD: CNNVD-201409-500 // NVD: CVE-2014-3363

CREDITS

Cisco

Trust: 0.3

sources: BID: 69739

SOURCES

db: VULHUB, id: VHN-71303
db: BID, id: 69739
db: JVNDB, id: JVNDB-2014-004175
db: CNNVD, id: CNNVD-201409-500
db: NVD, id: CVE-2014-3363

LAST UPDATE DATE

2024-11-23T23:05:45.967000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-71303, date: 2017-08-29T00:00:00
db: BID, id: 69739, date: 2014-09-10T00:00:00
db: JVNDB, id: JVNDB-2014-004175, date: 2014-09-16T00:00:00
db: CNNVD, id: CNNVD-201409-500, date: 2014-09-15T00:00:00
db: NVD, id: CVE-2014-3363, date: 2024-11-21T02:07:56.763

SOURCES RELEASE DATE

db: VULHUB, id: VHN-71303, date: 2014-09-12T00:00:00
db: BID, id: 69739, date: 2014-09-10T00:00:00
db: JVNDB, id: JVNDB-2014-004175, date: 2014-09-16T00:00:00
db: CNNVD, id: CNNVD-201409-500, date: 2014-09-15T00:00:00
db: NVD, id: CVE-2014-3363, date: 2014-09-12T01:55:07.060