| Vulnerability Name: | CVE-2014-3374 (CCN-98407) | ||||||||
| Assigned: | 2014-10-30 | ||||||||
| Published: | 2014-10-30 | ||||||||
| Updated: | 2017-08-29 | ||||||||
| Summary: | Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-79 | ||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||
| References: | Source: MITRE Type: CNA CVE-2014-3374 Source: SECUNIA Type: UNKNOWN 59696 Source: CCN Type: Cisco Security Notice Cisco Unified Communications Manager Admin Interface Reflected Cross-Site Scripting Vulnerability Source: CISCO Type: Vendor Advisory 20141030 Cisco Unified Communications Manager Admin Interface Reflected Cross-Site Scripting Vulnerability Source: CONFIRM Type: Vendor Advisory http://tools.cisco.com/security/center/viewAlert.x?alertId=36295 Source: BID Type: UNKNOWN 70849 Source: CCN Type: BID-70849 Cisco Unified Communications Manager Admin Interface Multiple Cross Site Scripting Vulnerabilities Source: SECTRACK Type: UNKNOWN 1031162 Source: XF Type: UNKNOWN cisco-ucm-cve20143374-xss(98407) Source: XF Type: UNKNOWN cisco-ucm-cve20143374-xss(98407) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||