Information disclosure in Cisco Unified_communications_manager

CVE-2011-1643

Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database…

Vulnerability class: Information Disclosure

EPSS: 0.012 (79.3th percentile) — read the EPSS interpretation.

Affected products

Cisco Unified_communications_manager — versions 6.0, 6.1\(1\), 6.1\(1a\)
Cisco Unified_presence_server — versions 6.0\(1\), 6.0\(2\), 6.0\(3\)
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

20110824 Open Query Interface in Cisco Unified Communications Manager and Cisco Unified Presence Server (x_refsource_CISCO, vendor-advisory, Vendor Advisory)