{ "id": "CVE-2014-0746", "sourceIdentifier": "ykramarz@cisco.com", "published": "2014-02-27T01:55:03.430", "lastModified": "2015-08-01T01:35:16.390", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCum95536." }, { "lang": "es", "value": "El componente disaster recovery system (DRS) en Cisco Unified Contact Center Express (Unified CCX) permite a usuarios remotos autenticados obtener informaci\u00f3n sensible mediante la lectura de campos extra\u00f1os en un documento HTML, tambi\u00e9n conocido como Bug ID CSCum95536." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-200" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_contact_center_express_editor_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "14E9EB78-63EF-44CC-842B-1252E2807597" } ] } ] } ], "references": [ { "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0746", "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.securitytracker.com/id/1029842", "source": "ykramarz@cisco.com" } ] }