CVE-2016-6364: Infoleak
First published: Tue Aug 23 2016(Updated: )
The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified API calls, aka Bug ID CSCux67855.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Communications Manager Session Management Edition | =11.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-6364?
CVE-2016-6364 is considered a high severity vulnerability due to its ability to bypass access restrictions.
How do I fix CVE-2016-6364?
To fix CVE-2016-6364, update your Cisco Unified Communications Manager to a patched version as recommended by Cisco.
What type of attacks can CVE-2016-6364 facilitate?
CVE-2016-6364 can facilitate unauthorized access to sensitive information through its API.
Who is affected by CVE-2016-6364?
CVE-2016-6364 affects users of Cisco Unified Communications Manager version 11.5.0.
Is there a workaround for CVE-2016-6364?
There are no known workarounds for CVE-2016-6364; the only mitigation is to apply the appropriate software update.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco unified communications manager session management edition
- version/cisco unified communications manager session management edition/11.5.0