{"api_version":"1","generated_at":"2026-05-13T18:23:21+00:00","cve":"CVE-2014-0746","urls":{"html":"https://cve.report/CVE-2014-0746","api":"https://cve.report/api/cve/CVE-2014-0746.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-0746","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-0746"},"summary":{"title":"CVE-2014-0746","description":"The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCum95536.","state":"PUBLISHED","assigner":"cisco","published_at":"2014-02-27 01:55:03","updated_at":"2026-04-29 01:13:23"},"problem_types":["CWE-200","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4","severity":"","vector":"AV:N/AC:L/Au:S/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0746","name":"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0746","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1029842","name":"http://www.securitytracker.com/id/1029842","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Cisco Unified Contact Center Bugs Let Remote Authenticated Users Obtain Potentially Sensitive Information and Remote Users Conduct Cross-Site Request Forgery Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-0746","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0746","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"746","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"unified_contact_center_express_editor_software","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2014","cve_id":"746","cve":"CVE-2014-0746","epss":"0.001760000","percentile":"0.386300000","score_date":"2026-05-05","updated_at":"2026-05-06 00:08:11"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T09:27:19.169Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"1029842","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1029842"},{"name":"20140225 Cisco Unified Contact Center Express DRS Sensitive Information Disclosure Vulnerability","tags":["vendor-advisory","x_refsource_CISCO","x_transferred"],"url":"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0746"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2014-02-25T00:00:00.000Z","descriptions":[{"lang":"en","value":"The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCum95536."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2015-05-15T16:57:00.000Z","orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco"},"references":[{"name":"1029842","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1029842"},{"name":"20140225 Cisco Unified Contact Center Express DRS Sensitive Information Disclosure Vulnerability","tags":["vendor-advisory","x_refsource_CISCO"],"url":"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0746"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@cisco.com","ID":"CVE-2014-0746","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCum95536."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1029842","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1029842"},{"name":"20140225 Cisco Unified Contact Center Express DRS Sensitive Information Disclosure Vulnerability","refsource":"CISCO","url":"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0746"}]}}}},"cveMetadata":{"assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","assignerShortName":"cisco","cveId":"CVE-2014-0746","datePublished":"2014-02-27T01:00:00.000Z","dateReserved":"2014-01-02T00:00:00.000Z","dateUpdated":"2024-08-06T09:27:19.169Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2014-02-27 01:55:03","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["CWE-200","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unified_contact_center_express_editor_software:-:*:*:*:*:*:*:*","matchCriteriaId":"14E9EB78-63EF-44CC-842B-1252E2807597"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"746","Ordinal":"1","Title":"CVE-2014-0746","CVE":"CVE-2014-0746","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"746","Ordinal":"1","NoteData":"The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCum95536.","Type":"Description","Title":"CVE-2014-0746"},{"CveYear":"2014","CveId":"746","Ordinal":"2","NoteData":"2014-02-26","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"746","Ordinal":"3","NoteData":"2015-05-15","Type":"Other","Title":"Modified"}]}}}