CVE-2014-2193

Cisco Unified Web and E-Mail Interaction Manager places session identifiers in GET requests, which allows remote attackers to inject conversation text by obtaining a valid identifier, aka Bug ID CSCuj43084.

Severity	MEDIUM
CVSS	4.3
EPSS	-
CWE	CWE-20
KEV
Published	12 years ago
Modified	2 weeks ago

Public Affected Products

Product	Advisory	Evidence
Cisco Unified Web and E-Mail Interaction Manager	Cisco-SA-20140520-CVE-2014-2193	Cisco CSAF · structured affected