CVE-2014-0746
Summary
| CVE | CVE-2014-0746 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-02-27 01:55:00 UTC |
| Updated | 2015-08-01 01:35:00 UTC |
| Description | The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCum95536. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Unified Contact Center Express Editor Software | - | All | All | All |
| Application | Cisco | Unified Contact Center Express Editor Software | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Unified Contact Center Bugs Let Remote Authenticated Users Obtain Potentially Sensitive Information and Remote Users Conduct Cross-Site Request Forgery Attacks - SecurityTracker | SECTRACK | www.securitytracker.com | |
| 20140225 Cisco Unified Contact Center Express DRS Sensitive Information Disclosure Vulnerability | CISCO | tools.cisco.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.