Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:02
Type | Values Removed | Values Added |
---|---|---|
References | () http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0740 - Vendor Advisory | |
References | () http://tools.cisco.com/security/center/viewAlert.x?alertId=33049 - Vendor Advisory | |
References | () http://www.securitytracker.com/id/1029843 - |
Information
Published : 2014-02-27 01:55
Updated : 2024-11-21 02:02
NVD link : CVE-2014-0740
Mitre link : CVE-2014-0740
CVE.ORG link : CVE-2014-0740
JSON object : View
Products Affected
cisco
- unified_communications_manager
CWE
CWE-352
Cross-Site Request Forgery (CSRF)