Lucene search

CiscoCVE-2015-6416

HistoryDec 14, 2015 - 3:59 a.m.

CVE-2015-6416

2015-12-1403:59:05

CWE-79

cisco

web.nvd.nist.gov

cve

2015

6416

cross-site scripting

xss

vulnerability

cisco

unified email interaction manager

unified web interaction manager

bug id

cscuw24479

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

56.9%

JSON

Cross-site scripting (XSS) vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) allows remote attackers to inject arbitrary web script or HTML a crafted URL, aka Bug ID CSCuw24479.

Affected configurations

Nvd

Node

ciscounified_web_and_e-mail_interaction_managerMatch11.0\(1\)

VendorProductVersionCPE
ciscounified_web_and_e-mail_interaction_manager11.0(1)cpe:2.3:a:cisco:unified_web_and_e-mail_interaction_manager:11.0\(1\):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_web_and_e-mail_interaction_manager	11.0(1)	cpe:2.3:a:cisco:unified_web_and_e-mail_interaction_manager:11.0\(1\):::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-uim

www.securityfocus.com/bid/79034

www.securitytracker.com/id/1034382

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

56.9%

JSON

Related for CVE-2015-6416