{"api_version":"1","generated_at":"2026-05-13T18:23:22+00:00","cve":"CVE-2014-2102","urls":{"html":"https://cve.report/CVE-2014-2102","api":"https://cve.report/api/cve/CVE-2014-2102.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-2102","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-2102"},"summary":{"title":"CVE-2014-2102","description":"Cisco Unified Contact Center Express (Unified CCX) does not properly restrict the content of the CCMConfig page, which allows remote authenticated users to obtain sensitive information by examining this content, aka Bug ID CSCum95575.","state":"PUBLISHED","assigner":"cisco","published_at":"2014-02-27 01:55:04","updated_at":"2026-04-29 01:13:23"},"problem_types":["CWE-264","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4","severity":"","vector":"AV:N/AC:L/Au:S/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2102","name":"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2102","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1029842","name":"http://www.securitytracker.com/id/1029842","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Cisco Unified Contact Center Bugs Let Remote Authenticated Users Obtain Potentially Sensitive Information and Remote Users Conduct Cross-Site Request Forgery Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-2102","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2102","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"2102","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"unified_contact_center_express_editor_software","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2014","cve_id":"2102","cve":"CVE-2014-2102","epss":"0.001760000","percentile":"0.386300000","score_date":"2026-05-05","updated_at":"2026-05-06 00:08:11"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T10:05:57.928Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"1029842","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1029842"},{"name":"20140225 Cisco Unified Contact Center Express CCMConfig Sensitive Information Disclosure Vulnerability","tags":["vendor-advisory","x_refsource_CISCO","x_transferred"],"url":"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2102"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2014-02-25T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cisco Unified Contact Center Express (Unified CCX) does not properly restrict the content of the CCMConfig page, which allows remote authenticated users to obtain sensitive information by examining this content, aka Bug ID CSCum95575."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2015-05-15T16:57:00.000Z","orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco"},"references":[{"name":"1029842","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1029842"},{"name":"20140225 Cisco Unified Contact Center Express CCMConfig Sensitive Information Disclosure Vulnerability","tags":["vendor-advisory","x_refsource_CISCO"],"url":"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2102"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@cisco.com","ID":"CVE-2014-2102","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cisco Unified Contact Center Express (Unified CCX) does not properly restrict the content of the CCMConfig page, which allows remote authenticated users to obtain sensitive information by examining this content, aka Bug ID CSCum95575."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1029842","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1029842"},{"name":"20140225 Cisco Unified Contact Center Express CCMConfig Sensitive Information Disclosure Vulnerability","refsource":"CISCO","url":"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2102"}]}}}},"cveMetadata":{"assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","assignerShortName":"cisco","cveId":"CVE-2014-2102","datePublished":"2014-02-27T01:00:00.000Z","dateReserved":"2014-02-25T00:00:00.000Z","dateUpdated":"2024-08-06T10:05:57.928Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2014-02-27 01:55:04","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["CWE-264","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unified_contact_center_express_editor_software:-:*:*:*:*:*:*:*","matchCriteriaId":"14E9EB78-63EF-44CC-842B-1252E2807597"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"2102","Ordinal":"1","Title":"CVE-2014-2102","CVE":"CVE-2014-2102","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"2102","Ordinal":"1","NoteData":"Cisco Unified Contact Center Express (Unified CCX) does not properly restrict the content of the CCMConfig page, which allows remote authenticated users to obtain sensitive information by examining this content, aka Bug ID CSCum95575.","Type":"Description","Title":"CVE-2014-2102"},{"CveYear":"2014","CveId":"2102","Ordinal":"2","NoteData":"2014-02-26","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"2102","Ordinal":"3","NoteData":"2015-05-15","Type":"Other","Title":"Modified"}]}}}