Lucene search

CiscoCVE-2016-1439

HistoryJun 23, 2016 - 12:59 a.m.

CVE-2016-1439

2016-06-2300:59:07

CWE-79

cisco

web.nvd.nist.gov

cve-2016-1439

xss vulnerability

cisco unified contact center enterprise

security

bug id cscux59650

nvd

cve

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

47.4%

JSON

Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center Enterprise through 10.5(2) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux59650.

Affected configurations

Nvd

Node

ciscounified_contact_center_enterpriseMatch4.6\(2\)sr1

ciscounified_contact_center_enterpriseMatch4.6\(2\)sr2

ciscounified_contact_center_enterpriseMatch4.6\(2\)sr3

ciscounified_contact_center_enterpriseMatch4.6\(2\)sr4

ciscounified_contact_center_enterpriseMatch4.6\(2\)sr5

ciscounified_contact_center_enterpriseMatch4.6\(2\)sr6

ciscounified_contact_center_enterpriseMatch4.6.2

ciscounified_contact_center_enterpriseMatch5.0\(0\)

ciscounified_contact_center_enterpriseMatch5.0\(0\)sr10

ciscounified_contact_center_enterpriseMatch5.0\(0\)sr11

ciscounified_contact_center_enterpriseMatch5.0\(0\)sr12

ciscounified_contact_center_enterpriseMatch5.0\(0\)sr13

ciscounified_contact_center_enterpriseMatch5.0\(0\)sr2

ciscounified_contact_center_enterpriseMatch5.0\(0\)sr3

ciscounified_contact_center_enterpriseMatch5.0\(0\)sr4

ciscounified_contact_center_enterpriseMatch5.0\(0\)sr5

ciscounified_contact_center_enterpriseMatch5.0\(0\)sr7

ciscounified_contact_center_enterpriseMatch5.0\(0\)sr8

ciscounified_contact_center_enterpriseMatch5.0\(0\)sr9

ciscounified_contact_center_enterpriseMatch6.0\(0\)sr1

ciscounified_contact_center_enterpriseMatch6.0\(0\)sr10

ciscounified_contact_center_enterpriseMatch6.0\(0\)sr11

ciscounified_contact_center_enterpriseMatch6.0\(0\)sr12

ciscounified_contact_center_enterpriseMatch6.0\(0\)sr2

ciscounified_contact_center_enterpriseMatch6.0\(0\)sr3

ciscounified_contact_center_enterpriseMatch6.0\(0\)sr4

ciscounified_contact_center_enterpriseMatch6.0\(0\)sr5

ciscounified_contact_center_enterpriseMatch6.0\(0\)sr6

ciscounified_contact_center_enterpriseMatch6.0\(0\)sr7

ciscounified_contact_center_enterpriseMatch6.0\(0\)sr8

ciscounified_contact_center_enterpriseMatch6.0\(0\)sr9

ciscounified_contact_center_enterpriseMatch7.0\(0\)sr1

ciscounified_contact_center_enterpriseMatch7.0\(0\)sr2

ciscounified_contact_center_enterpriseMatch7.0\(0\)sr3

ciscounified_contact_center_enterpriseMatch7.0\(0\)sr4

ciscounified_contact_center_enterpriseMatch7.1\(2\)

ciscounified_contact_center_enterpriseMatch7.1\(3\)

ciscounified_contact_center_enterpriseMatch7.1\(4\)

ciscounified_contact_center_enterpriseMatch7.1\(5\)

ciscounified_contact_center_enterpriseMatch7.1.0

ciscounified_contact_center_enterpriseMatch7.2\(1\)

ciscounified_contact_center_enterpriseMatch7.2\(2\)

ciscounified_contact_center_enterpriseMatch7.2\(3\)

ciscounified_contact_center_enterpriseMatch7.2\(4\)

ciscounified_contact_center_enterpriseMatch7.2\(5\)

ciscounified_contact_center_enterpriseMatch7.2\(6\)

ciscounified_contact_center_enterpriseMatch7.2\(7\)

ciscounified_contact_center_enterpriseMatch7.5\(2\)

ciscounified_contact_center_enterpriseMatch7.5\(3\)

ciscounified_contact_center_enterpriseMatch7.5\(4\)

ciscounified_contact_center_enterpriseMatch7.5\(5\)

ciscounified_contact_center_enterpriseMatch7.5\(6\)

ciscounified_contact_center_enterpriseMatch7.5\(7\)

ciscounified_contact_center_enterpriseMatch7.5\(8\)

ciscounified_contact_center_enterpriseMatch7.5\(9\)

ciscounified_contact_center_enterpriseMatch7.5\(10\)

ciscounified_contact_center_enterpriseMatch8.0\(2\)

ciscounified_contact_center_enterpriseMatch8.0\(3\)

ciscounified_contact_center_enterpriseMatch8.5\(1\)

ciscounified_contact_center_enterpriseMatch8.5\(2\)

ciscounified_contact_center_enterpriseMatch8.5\(3\)

ciscounified_contact_center_enterpriseMatch8.5\(4\)

ciscounified_contact_center_enterpriseMatch9.0\(2\)

ciscounified_contact_center_enterpriseMatch9.0\(3\)

ciscounified_contact_center_enterpriseMatch9.0\(4\)

ciscounified_contact_center_enterpriseMatch10.0\(1\)

ciscounified_contact_center_enterpriseMatch10.0\(2\)

ciscounified_contact_center_enterpriseMatch10.5\(1\)

ciscounified_contact_center_enterpriseMatch10.5\(2\)

VendorProductVersionCPE
ciscounified_contact_center_enterprise4.6(2)cpe:2.3:a:cisco:unified_contact_center_enterprise:4.6\(2\):sr1:*:*:*:*:*:*
ciscounified_contact_center_enterprise4.6(2)cpe:2.3:a:cisco:unified_contact_center_enterprise:4.6\(2\):sr2:*:*:*:*:*:*
ciscounified_contact_center_enterprise4.6(2)cpe:2.3:a:cisco:unified_contact_center_enterprise:4.6\(2\):sr3:*:*:*:*:*:*
ciscounified_contact_center_enterprise4.6(2)cpe:2.3:a:cisco:unified_contact_center_enterprise:4.6\(2\):sr4:*:*:*:*:*:*
ciscounified_contact_center_enterprise4.6(2)cpe:2.3:a:cisco:unified_contact_center_enterprise:4.6\(2\):sr5:*:*:*:*:*:*
ciscounified_contact_center_enterprise4.6(2)cpe:2.3:a:cisco:unified_contact_center_enterprise:4.6\(2\):sr6:*:*:*:*:*:*
ciscounified_contact_center_enterprise4.6.2cpe:2.3:a:cisco:unified_contact_center_enterprise:4.6.2:*:*:*:*:*:*:*
ciscounified_contact_center_enterprise5.0(0)cpe:2.3:a:cisco:unified_contact_center_enterprise:5.0\(0\):*:*:*:*:*:*:*
ciscounified_contact_center_enterprise5.0(0)cpe:2.3:a:cisco:unified_contact_center_enterprise:5.0\(0\):sr10:*:*:*:*:*:*
ciscounified_contact_center_enterprise5.0(0)cpe:2.3:a:cisco:unified_contact_center_enterprise:5.0\(0\):sr11:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_contact_center_enterprise	4.6(2)	cpe:2.3:a:cisco:unified_contact_center_enterprise:4.6\(2\):sr1::::::
cisco	unified_contact_center_enterprise	4.6(2)	cpe:2.3:a:cisco:unified_contact_center_enterprise:4.6\(2\):sr2::::::
cisco	unified_contact_center_enterprise	4.6(2)	cpe:2.3:a:cisco:unified_contact_center_enterprise:4.6\(2\):sr3::::::
cisco	unified_contact_center_enterprise	4.6(2)	cpe:2.3:a:cisco:unified_contact_center_enterprise:4.6\(2\):sr4::::::
cisco	unified_contact_center_enterprise	4.6(2)	cpe:2.3:a:cisco:unified_contact_center_enterprise:4.6\(2\):sr5::::::
cisco	unified_contact_center_enterprise	4.6(2)	cpe:2.3:a:cisco:unified_contact_center_enterprise:4.6\(2\):sr6::::::
cisco	unified_contact_center_enterprise	4.6.2	cpe:2.3:a:cisco:unified_contact_center_enterprise:4.6.2:::::::*
cisco	unified_contact_center_enterprise	5.0(0)	cpe:2.3:a:cisco:unified_contact_center_enterprise:5.0\(0\):::::::*
cisco	unified_contact_center_enterprise	5.0(0)	cpe:2.3:a:cisco:unified_contact_center_enterprise:5.0\(0\):sr10::::::
cisco	unified_contact_center_enterprise	5.0(0)	cpe:2.3:a:cisco:unified_contact_center_enterprise:5.0\(0\):sr11::::::

Rows per page:

1-10 of 691

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160622-ucce

www.securitytracker.com/id/1036155

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

47.4%

JSON

Related for CVE-2016-1439