CVE-2016-6464

A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted. More Information: CSCva49629. Known Affected Releases: 11.5(1). Known Fixed Releases: 11.5(1.12000.2) 12.0(0.98000.181).

Published: Dec 14, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-6464
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
cisco / unified_communications_manager_im_and_presence_service	10.5(1)	10.5(1).x
cisco / unified_communications_manager_im_and_presence_service	11.5(1)	11.5(1).x
cisco / unified_communications_manager_im_and_presence_service	10.5(2)	10.5(2).x
cisco / unified_communications_manager_im_and_presence_service	11.0(1)	11.0(1).x

http://www.securityfocus.com/bid/94802
http://www.securitytracker.com/id/1037412
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ucm

Vulnerability Database

289,599

CVE-2016-6464