Vulnslist

find the latest Cisco vulnerabilities

Cisco Unified Communications Manager LDAP Information Disclosure Vulnerability

cisco-sa-20180418-ucm1 · Medium · Published · Updated

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view sensitive information that should have been restricted. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm1

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2018-0267
Cisco Bug IDsCSCvf22116
CVSS ScoreBase 5.5
Base 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Unified Communications Manager

Related Products

Product CVE Evidence
Cisco Unified Communications Manager CVE-2018-0267 Cisco OpenVuln