admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-32xx/CVE-2020-3282.json
cad-safe-bot 0c245865ae Auto-Update: 2025-01-26T03:00:19.791548+00:00
2025-01-26 03:03:52 +00:00

235 lines
9.8 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-3282",
"sourceIdentifier": "psirt@cisco.com",
"published": "2020-07-02T13:15:10.220",
"lastModified": "2024-11-21T05:30:43.133",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Edition, Cisco Unified Communications Manager IM & Presence Service y Cisco Unity Connection, podr\u00edan permitir a un atacante remoto no autenticado llevar a cabo un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz.\nLa vulnerabilidad es debido a una comprobaci\u00f3n de entrada insuficiente suministrada por el usuario mediante la interfaz de administraci\u00f3n basada en web del software afectado. Un atacante podr\u00eda explotar esta vulnerabilidad al persuadir a un usuario de la interfaz para que haga clic en un enlace dise\u00f1ado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante ejecutar c\u00f3digo script arbitrario en el contexto de la interfaz afectada o acceder a informaci\u00f3n confidencial basada en el navegador."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "psirt@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"baseScore": 4.3,
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "psirt@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.5\\(2\\)",
"versionEndExcluding": "10.5\\(2\\)su10",
"matchCriteriaId": "6589768C-B5E7-4527-B73C-1C7F82FF7238"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
"versionStartIncluding": "10.5\\(2\\)",
"versionEndExcluding": "10.5\\(2\\)su10",
"matchCriteriaId": "4337322A-FFAF-4F6B-8A15-D7CF9E7CDF92"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.5\\(1\\)",
"versionEndExcluding": "11.5\\(1\\)su8",
"matchCriteriaId": "3A4D4EEF-A737-4E4D-84CE-CB9F2A9C0E56"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
"versionStartIncluding": "11.5\\(1\\)",
"versionEndExcluding": "11.5\\(1\\)su8",
"matchCriteriaId": "55C61CF9-D342-4D02-AA85-01386779A9D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "709D4331-927A-46F9-859E-E6369939DF8E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1\\):*:*:*:session_management:*:*:*",
"matchCriteriaId": "EA9B0067-9B0E-4DF3-B443-C8C9C48B3957"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3EB73BD4-9ECC-458E-925D-FECE9A49BD48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:session_management:*:*:*",
"matchCriteriaId": "EB810DDE-18A0-4168-8EC1-726DA62453E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.5\\(2\\)",
"versionEndExcluding": "10.5\\(2\\)su10",
"matchCriteriaId": "902BB9E5-23BD-42EA-B1BA-C28CC2D8E754"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.5\\(1\\)",
"versionEndExcluding": "11.5\\(1\\)su8",
"matchCriteriaId": "BF318B81-8D9B-4B29-8E72-31484B8E8544"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "589832AB-CA04-4EBA-873A-385FA52541D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CAAAAF61-C33F-462B-B7C4-9F976235888A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.5\\(2\\)",
"versionEndExcluding": "10.5\\(2\\)su10",
"matchCriteriaId": "0FD20EA9-F6C5-437A-A87E-4F60426AE918"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.5\\(1\\)",
"versionEndExcluding": "11.5\\(1\\)su8",
"matchCriteriaId": "18FE6B9F-556E-460E-9DD4-4E05566AF7E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unity_connection:12.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "03BF7E52-63A5-4616-A524-839EC9CD3F67"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1C9DD393-7E10-4EE5-9FB4-855F3231F989"
}
]
}
]
}
],
"references": [
{
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-cuc-imp-xss-OWuSYAp",
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-cuc-imp-xss-OWuSYAp",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink