CVE-2016-6464

{"id": "CVE-2016-6464", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2016-12-14T00:59:03.203", "references": [{"url": "http://www.securityfocus.com/bid/94802", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1037412", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ucm", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted. More Information: CSCva49629. Known Affected Releases: 11.5(1). Known Fixed Releases: 11.5(1.12000.2) 12.0(0.98000.181)."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n web del Cisco Unified Communications Manager IM and Presence Service puede permitir a un atacante remoto no autenticado ver informaci\u00f3n en p\u00e1ginas web que deber\u00edan estar restringidas. M\u00e1s informaci\u00f3n: CSCva49629. Lanzamientos Afectados Conocidos: 11.5(1). Lanzamientos Reparados Conocidos: 11.5(1.12000.2) 12.0(0.98000.181)."}], "lastModified": "2017-01-05T13:41:38.570", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07CA186C-F010-4C41-9F27-56639DF8D0EF"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF58FA68-5EEC-47A2-AD8C-2342B449741D"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABAD4CA1-E77D-48EC-8C84-2B184D003E34"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34D89C42-AAD9-4B04-9F95-F77681E39553"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}