{"schema_version":"public-product-v1.1","generated_at":"2026-06-10T08:54:47Z","exposure_verdict":"not_assessed","verdict_reason":"Public evidence does not evaluate exact release, platform, enabled features, configuration, compensating controls, or live exposure.","advisory":{"id":"Cisco-SA-20120511-CVE-2011-4232","slug":"cisco-sa-20120511-cve-2011-4232","vendor":"Cisco","title":"Cisco Unified MeetingPlace Directory Enumeration Information Disclosure Vulnerability","summary":"Cisco Unified MeetingPlace software contains a vulnerability that could allow an unauthenticated, remote attacker to access sensitive information on a targeted system. The vulnerability is due to an unspecified error in the affected software that could allow an attacker to enumerate existing folders via directory transversal sequences.&nbsp; An unauthenticated, remote attacker could exploit this vulnerability to access sensitive information on the system. The attacker could use this information to launch further attacks. Cisco has confirmed this vulnerability and released software updates. To exploit this vulnerability, an attacker would need to access trusted, internal networks.&nbsp; This access requirement decreases the likelihood of a successful exploit.","severity":"Medium","published_at":"2012-05-11T13:48:40Z","updated_at":"2012-05-11T13:48:40Z","source_url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120511-CVE-2011-4232","csaf_url":"https://sec.cloudapps.cisco.com/security/center/contentjson/CiscoSecurityAdvisory/Cisco-SA-20120511-CVE-2011-4232/csaf/Cisco-SA-20120511-CVE-2011-4232.json","exposure_verdict":"not_assessed","verdict_reason":"Public evidence does not evaluate exact release, platform, enabled features, configuration, compensating controls, or live exposure."},"freshness":{"last_source_refreshed_at":"2026-05-26T00:00:03Z","latest_source_refresh_at":"2026-05-26T00:00:03Z","oldest_source_refresh_at":"2026-05-22T00:16:33Z","all_sources_fresh":false,"sources":[{"source":"cisco_advisories","label":"Cisco advisories","last_success_at":"2026-05-26T00:00:03Z","stale":true},{"source":"cisco_csaf","label":"Cisco CSAF","last_success_at":"2026-05-25T03:03:26Z","stale":true},{"source":"nvd_cves","label":"NVD CVEs","last_success_at":"2026-05-22T00:16:33Z","stale":true},{"source":"cisa_kev","label":"CISA KEV","last_success_at":"2026-05-22T00:16:34Z","stale":true},{"source":"first_epss","label":"EPSS","last_success_at":"2026-05-22T00:16:40Z","stale":true}]},"summary":{"cve_count":1,"visible_product_count":1,"public_evidence_count":1,"kev_count":0,"highest_epss":0.0023,"highest_cvss":5.0},"cves":[{"id":"CVE-2011-4232","description":"The web server in Cisco Unified MeetingPlace 6.1 and 8.5 produces different responses for directory queries depending on whether the directory exists, which allows remote attackers to enumerate directory names via a series of queries, aka Bug ID CSCtt94070.","severity":"MEDIUM","kev":false,"epss":{"score":0.0023,"percentile":0.45750999999999997,"score_date":"2026-05-21","updated_at":"2026-05-22T00:16:38Z"},"cvss_score":5.0,"cvss_source":"NVD","cwe":"CWE-200","published_at":"2012-05-03T10:11:39Z","modified_at":"2026-04-29T01:13:23Z"}],"public_evidence":[{"product":{"name":"Cisco Unified MeetingPlace","slug":"cisco-unified-meetingplace","vendor":"Cisco"},"cve":{"id":"CVE-2011-4232"},"evidence_type":"structured_affected","evidence_label":{"scope":"CSAF product evidence","label":"product_status known affected"},"evidence_source":"Cisco CSAF","source":"Cisco CSAF","source_document_fetched_at":"2026-05-19T20:03:30Z","csaf_status":"known_affected","csaf_product_status":"known_affected","csaf_product_status_path":"vulnerabilities[].product_status.known_affected","raw_product_name":"Cisco Unified MeetingPlace","exposure_verdict":"not_assessed","verdict_reason":"Public evidence does not evaluate exact release, platform, enabled features, configuration, compensating controls, or live exposure.","exposure_verdict_reason":"Public evidence does not evaluate exact release, platform, enabled features, configuration, compensating controls, or live exposure.","kev":false,"epss":{"score":0.0023,"score_date":"2026-05-21","updated_at":"2026-05-22T00:16:38Z"},"cvss_score":5.0,"cvss_source":"NVD","published_at":"2012-05-11T13:48:40Z","updated_at":"2012-05-11T13:48:40Z","advisory_updated_at":"2012-05-11T13:48:40Z","source_url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120511-CVE-2011-4232","row_display_order":1}]}