CVE-2014-0722 : The log4jinit web application in Cisco Unified Communications Manager (UCM) does

The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347.

Published 2014-02-13 05:24:51

Updated 2025-04-11 00:51:22

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2014-0722

Cisco » Unified Communications Manager
cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-0722

EPSS FAQ

0.74%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 71 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-0722

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2014-0722

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-0722

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0722

Cisco Unified Communications Manager Unauthenticated log4jinit Access Vulnerability
Vendor Advisory

Jump to

Vulnerability Details : CVE-2014-0722

Products affected by CVE-2014-0722

Exploit prediction scoring system (EPSS) score for CVE-2014-0722

CVSS scores for CVE-2014-0722

CWE ids for CVE-2014-0722

References for CVE-2014-0722