CVE-2014-3278

{"id": "CVE-2014-3278", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-06-08T16:55:02.673", "references": [{"url": "http://secunia.com/advisories/58657", "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3278", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/67924", "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to enumerate accounts by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun39619 and CSCun45572."}, {"lang": "es", "value": "El Framework web en VOSS en Cisco Unified Communications Domain Manager (CDM) no implementa debidamente control de acceso, lo que permite a atacantes remotos enumerar cuentas mediante la visita a una p\u00e1gina web BVSMWeb no especificada, tambi\u00e9n conocido como Bug IDs CSCun39619 y CSCun45572."}], "lastModified": "2015-12-04T18:42:11.017", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_communications_domain_manager:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAC05C99-071F-47E7-A3B6-899488520663"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}