The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249.
References
Link | Resource |
---|---|
http://osvdb.org/101162 | |
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6978 | Vendor Advisory |
http://tools.cisco.com/security/center/viewAlert.x?alertId=32219 | Vendor Advisory |
http://www.securityfocus.com/bid/64421 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1029520 | Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/89834 | |
http://osvdb.org/101162 | |
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6978 | Vendor Advisory |
http://tools.cisco.com/security/center/viewAlert.x?alertId=32219 | Vendor Advisory |
http://www.securityfocus.com/bid/64421 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1029520 | Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/89834 |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:00
Type | Values Removed | Values Added |
---|---|---|
References | () http://osvdb.org/101162 - | |
References | () http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6978 - Vendor Advisory | |
References | () http://tools.cisco.com/security/center/viewAlert.x?alertId=32219 - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/64421 - Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1029520 - Third Party Advisory, VDB Entry | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/89834 - |
Information
Published : 2013-12-21 14:22
Updated : 2024-11-21 02:00
NVD link : CVE-2013-6978
Mitre link : CVE-2013-6978
CVE.ORG link : CVE-2013-6978
JSON object : View
Products Affected
cisco
- unified_communications_manager
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor