What is CVE-2016-6464?

CVE-2016-6464 is a high-severity vulnerability in Cisco Unified_communications_manager_im_and_presence_service, classified under Information Disclosure. CVSS score: 7.5/10. Published 2016-12-14.

How severe is CVE-2016-6464?

High severity. CVSS v3 base score is 7.5 out of 10.

Information disclosure in Cisco Unified_communications_manager_im_and_presence_service

CVE-2016-6464

A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted. More Informatio…

Vulnerability class: Information Disclosure

EPSS: 0.014 (80.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Cisco Unified_communications_manager_im_and_presence_service — versions 10.5\(1\), 10.5\(2\), 11.0\(1\)
N/a Cisco Unified Communications Manager — versions Cisco Unified Communications Manager

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

1037412 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
94802 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2016-6464?: CVE-2016-6464 is a high-severity vulnerability in Cisco Unified_communications_manager_im_and_presence_service, classified under Information Disclosure. CVSS score: 7.5/10. Published 2016-12-14.
How severe is CVE-2016-6464?: High severity. CVSS v3 base score is 7.5 out of 10.