CVE-2014-3281

{"id": "CVE-2014-3281", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-06-08T16:55:02.753", "references": [{"url": "http://secunia.com/advisories/58657", "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3281", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/67925", "source": "ykramarz@cisco.com"}, {"url": "http://secunia.com/advisories/58657", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3281", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/67925", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to obtain potentially sensitive user information by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun46071 and CSCun46101."}, {"lang": "es", "value": "El Framework web en VOSS en Cisco Unified Communications Domain Manager (CDM) no implementa debidamente control de acceso, lo que permite a atacantes remotos obtener informaci\u00f3n potencialmente sensible mediante la visita a una p\u00e1gina web BVSMWeb no especificada, tambi\u00e9n conocido como Bug IDs CSCun46071 y CSCun46101."}], "lastModified": "2024-11-21T02:07:47.163", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_communications_domain_manager:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAC05C99-071F-47E7-A3B6-899488520663"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}