CVE-2014-2185: Infoleak
First published: Tue Apr 29 2014(Updated: )
The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374.
Credit: ykramarz@cisco.com psirt@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Communications Manager Session Management Edition | ||
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2014-2185?
CVE-2014-2185 is classified as a medium severity vulnerability.
How do I fix CVE-2014-2185?
To fix CVE-2014-2185, Cisco recommends applying the appropriate software update for the affected version of Unified Communications Manager.
Who is affected by CVE-2014-2185?
Remote authenticated users of Cisco Unified Communications Manager are potentially affected by CVE-2014-2185.
What type of information can be exposed by CVE-2014-2185?
CVE-2014-2185 can expose sensitive information through extraneous fields in an HTML document.
Is CVE-2014-2185 a remote or local vulnerability?
CVE-2014-2185 is considered a remote vulnerability, as it can be exploited by authenticated users from a remote location.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/cisco
- canonical/cisco unified communications manager session management edition