Lucene search

CiscoCVE-2015-4218

HistoryJun 24, 2015 - 10:59 a.m.

CVE-2015-4218

2015-06-2410:59:11

CWE-200

cisco

web.nvd.nist.gov

cisco

jabber

security

vulnerability

remote attack

information disclosure

cve-2015-4218

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

0.001

Percentile

50.4%

JSON

The web-based user interface in Cisco Jabber through 9.6(3) and 9.7 through 9.7(5) on Windows allows remote attackers to obtain sensitive information via a crafted value in a GET request, aka Bug IDs CSCuu65622 and CSCuu70858.

Affected configurations

Nvd

Node

ciscojabberMatch9.6\(0\)windows

ciscojabberMatch9.6\(1\)windows

ciscojabberMatch9.6\(2\)windows

ciscojabberMatch9.6\(3\)windows

ciscojabberMatch9.7\(0\)windows

ciscojabberMatch9.7\(1\)windows

ciscojabberMatch9.7\(2\)windows

ciscojabberMatch9.7\(3\)windows

ciscojabberMatch9.7\(4\)windows

ciscojabberMatch9.7\(5\)windows

VendorProductVersionCPE
ciscojabber9.6(0)cpe:2.3:a:cisco:jabber:9.6\(0\):*:*:*:*:windows:*:*
ciscojabber9.6(1)cpe:2.3:a:cisco:jabber:9.6\(1\):*:*:*:*:windows:*:*
ciscojabber9.6(2)cpe:2.3:a:cisco:jabber:9.6\(2\):*:*:*:*:windows:*:*
ciscojabber9.6(3)cpe:2.3:a:cisco:jabber:9.6\(3\):*:*:*:*:windows:*:*
ciscojabber9.7(0)cpe:2.3:a:cisco:jabber:9.7\(0\):*:*:*:*:windows:*:*
ciscojabber9.7(1)cpe:2.3:a:cisco:jabber:9.7\(1\):*:*:*:*:windows:*:*
ciscojabber9.7(2)cpe:2.3:a:cisco:jabber:9.7\(2\):*:*:*:*:windows:*:*
ciscojabber9.7(3)cpe:2.3:a:cisco:jabber:9.7\(3\):*:*:*:*:windows:*:*
ciscojabber9.7(4)cpe:2.3:a:cisco:jabber:9.7\(4\):*:*:*:*:windows:*:*
ciscojabber9.7(5)cpe:2.3:a:cisco:jabber:9.7\(5\):*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
cisco	jabber	9.6(0)	cpe:2.3:a:cisco:jabber:9.6\(0\):::::windows::
cisco	jabber	9.6(1)	cpe:2.3:a:cisco:jabber:9.6\(1\):::::windows::
cisco	jabber	9.6(2)	cpe:2.3:a:cisco:jabber:9.6\(2\):::::windows::
cisco	jabber	9.6(3)	cpe:2.3:a:cisco:jabber:9.6\(3\):::::windows::
cisco	jabber	9.7(0)	cpe:2.3:a:cisco:jabber:9.7\(0\):::::windows::
cisco	jabber	9.7(1)	cpe:2.3:a:cisco:jabber:9.7\(1\):::::windows::
cisco	jabber	9.7(2)	cpe:2.3:a:cisco:jabber:9.7\(2\):::::windows::
cisco	jabber	9.7(3)	cpe:2.3:a:cisco:jabber:9.7\(3\):::::windows::
cisco	jabber	9.7(4)	cpe:2.3:a:cisco:jabber:9.7\(4\):::::windows::
cisco	jabber	9.7(5)	cpe:2.3:a:cisco:jabber:9.7\(5\):::::windows::

References

tools.cisco.com/security/center/viewAlert.x?alertId=39494

www.securityfocus.com/bid/75377

www.securitytracker.com/id/1032711

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

0.001

Percentile

50.4%

JSON

Related for CVE-2015-4218