Vulnerability Details : CVE-2014-0746
The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCum95536.
Vulnerability category: Information leak
Products affected by CVE-2014-0746
- cpe:2.3:a:cisco:unified_contact_center_express_editor_software:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-0746
0.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 41 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-0746
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST |
CWE ids for CVE-2014-0746
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0746
-
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0746
Cisco Unified Contact Center Express DRS Sensitive Information Disclosure VulnerabilityVendor Advisory
-
http://www.securitytracker.com/id/1029842
Cisco Unified Contact Center Bugs Let Remote Authenticated Users Obtain Potentially Sensitive Information and Remote Users Conduct Cross-Site Request Forgery Attacks - SecurityTracker
Jump to