CVE-2018-0135

{"id": "CVE-2018-0135", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2018-02-08T07:29:00.897", "references": [{"url": "http://www.securityfocus.com/bid/102964", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1040343", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucm", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software improperly validates user-supplied search input. An attacker could exploit this vulnerability by sending malicious requests to an affected system. A successful exploit could allow the attacker to retrieve sensitive information from the affected system. Cisco Bug IDs: CSCvf17644."}, {"lang": "es", "value": "Una vulnerabilidad en Cisco Unified Communications Manager podr\u00eda permitir que un atacante remoto autenticado acceda a informaci\u00f3n sensible en un sistema afectado. La vulnerabilidad existe porque el software afectado valida indebidamente entradas de b\u00fasqueda proporcionadas por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad enviando peticiones maliciosas a un sistema afectado. Un exploit con \u00e9xito podr\u00eda permitir que el atacante recupere informaci\u00f3n sensible del sistema afectado. Cisco Bug IDs: CSCvf17644."}], "lastModified": "2019-10-09T23:31:18.237", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(1.24075.1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2BD3A99-FF3D-49F2-ABDE-EFE64D093967"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}