Lucene search

[email protected]NVD:CVE-2015-0705

HistoryApr 22, 2015 - 1:59 a.m.

CVE-2015-0705

2015-04-2201:59:01

CWE-352

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.002

Percentile

57.7%

JSON

Cross-site request forgery (CSRF) vulnerability in the SOAP API endpoints of the web-services directory in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts, aka Bug ID CSCus97494.

Affected configurations

Nvd

Node

ciscounified_meetingplaceMatch8.6\(1.9\)

VendorProductVersionCPE
ciscounified_meetingplace8.6(1.9)cpe:2.3:a:cisco:unified_meetingplace:8.6\(1.9\):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_meetingplace	8.6(1.9)	cpe:2.3:a:cisco:unified_meetingplace:8.6\(1.9\):::::::*

References

tools.cisco.com/security/center/viewAlert.x?alertId=38461

www.securityfocus.com/bid/74258

www.securitytracker.com/id/1032335

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.002

Percentile

57.7%

JSON

Related for NVD:CVE-2015-0705

cvelist1 cisco1 cve1 prion1 symantec1