| Vulnerability Name: | CVE-2013-5494 (CCN-87071) | ||||||||
| Assigned: | 2013-09-13 | ||||||||
| Published: | 2013-09-13 | ||||||||
| Updated: | 2013-10-18 | ||||||||
| Summary: | Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified MeetingPlace Solution, as used in Unified MeetingPlace Web Conferencing and Unified MeetingPlace, allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCui45209 and CSCui44674. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) 5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-352 | ||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||
| References: | Source: MITRE Type: CNA CVE-2013-5494 Source: CCN Type: SA54768 Cisco Unified MeetingPlace Cross-Site Request Forgery Vulnerability Source: CCN Type: Cisco Security Notice Cisco Unified MeetingPlace Solution Cross-Site Request Forgery Vulnerability Source: CISCO Type: Vendor Advisory 20130913 Cisco Unified MeetingPlace Solution Cross-Site Request Forgery Vulnerability Source: CCN Type: OSVDB ID: 97293 Cisco Unified MeetingPlace Solution Unspecified CSRF Source: CCN Type: BID-62390 Multiple Cisco Unified MeetingPlace Products CVE-2013-5494 Cross Site Request Forgery Vulnerability Source: SECTRACK Type: UNKNOWN 1029037 Source: XF Type: UNKNOWN cisco-unified-cve20135494-csrf(87071) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||