Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2019-15272

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to gain unauthorized access to the system.

  • Published: Oct 2, 2019
  • Updated: Apr 13, 2023
  • CVE: CVE-2019-15272
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS v2:

  • Severity: Medium
  • Score: 6.4
  • AV:N/AC:L/Au:N/C:P/I:P/A:N

CWEs:

Software From Fixed in
cisco / unified_communications_manager 11.5(1.10000.6) 11.5(1.10000.6).x
cisco / unified_communications_manager 10.5(2.10000.5) 10.5(2.10000.5).x
cisco / unified_communications_manager 12.0(1.10000.10) 12.0(1.10000.10).x
cisco / unified_communications_manager 12.5(1.10000.22) 12.5(1.10000.22).x