Vulnerability in Cisco Unified_communications_manager_im_and_presence_service
CVE-2014-8000
Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requ…
EPSS: 0.007 (73.2th percentile) — read the EPSS interpretation.
Affected products
- Cisco Unified_communications_manager_im_and_presence_service — versions 9.1\(1\)
- N/a — versions n/a
Weakness classification (CWE)
References
- psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)
- 20141119 Cisco Unified Communications Manager IM and Presence Service Enumeration Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
- 62558 (x_refsource_SECUNIA, third-party-advisory)
- 71173 (vdb-entry, x_refsource_BID)
- 1031240 (vdb-entry, x_refsource_SECTRACK)
- cisco-ucm-cve20148000-info-disc(98786) (vdb-entry, x_refsource_XF)