{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-02-18T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-05-14T17:57:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20140218 Cisco Unified Communications Manager CAR Page CSRF Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0736"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32911"}, {"name": "1029792", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1029792"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2014-0736", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20140218 Cisco Unified Communications Manager CAR Page CSRF Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0736"}, {"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32911", "refsource": "CONFIRM", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32911"}, {"name": "1029792", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029792"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:27:19.146Z"}, "title": "CVE Program Container", "references": [{"name": "20140218 Cisco Unified Communications Manager CAR Page CSRF Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0736"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32911"}, {"name": "1029792", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1029792"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2014-0736", "datePublished": "2014-02-20T02:00:00", "dateReserved": "2014-01-02T00:00:00", "dateUpdated": "2024-08-06T09:27:19.146Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F66EDBF-F735-4E44-B650-39FCE806535A", "versionEndIncluding": "10.0\\(1\\)", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\):*:*:*:*:*:*:*", "matchCriteriaId": "9B9DA1F8-FA05-4380-8EFF-AF9FEF18FF2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr1:*:*:*:*:*:*:*", "matchCriteriaId": "65BB9155-89E5-4D54-AF1B-D5CA38392D5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr2a:*:*:*:*:*:*:*", "matchCriteriaId": "2A76CD6B-0C24-4F5F-B4BB-BA114150A7F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "F9BD08CD-9169-4B1E-A6DE-B138E6AB533C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*", "matchCriteriaId": "DFFD96E3-B19F-41B7-86FD-DBFD41382C28", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*", "matchCriteriaId": "0E9BF838-87A2-43B8-975B-524D7F954BF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*", "matchCriteriaId": "9600EA23-5428-4312-A38E-480E3C3228BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*", "matchCriteriaId": "57F5547E-F9C8-4F9C-96A1-563A66EE8D48", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "E6C20851-DC17-4E89-A6C1-D1B52D47608F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC830649-C0D4-4FFC-8701-80FB4A706F58", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "935D2815-7146-4125-BDBE-BFAA62A88EC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6BF54827-75E6-4BA0-84F0-0EC0E24A4A73", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*", "matchCriteriaId": "6C8628E7-D3C8-4212-B0A5-6B5AC14D6101", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*", "matchCriteriaId": "19432E5E-EA68-4B7A-8B99-DEBACBC3F160", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*", "matchCriteriaId": "ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "577571D6-AC59-4A43-B9A5-7B6FC6D2046C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "725D3E7D-6EF9-4C13-8B30-39ED49BBC8E3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468."}, {"lang": "es", "value": "Vulnerabilidad de CSRF en la p\u00e1gina Call Detail Records Analysis and Reporting (CAR) en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios para solicitudes que realizan modificaciones CAR, tambi\u00e9n conocido como Bug ID CSCum46468."}], "id": "CVE-2014-0736", "lastModified": "2024-11-21T02:02:42.937", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-02-20T05:18:04.267", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0736"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32911"}, {"source": "[email protected]", "url": "http://www.securitytracker.com/id/1029792"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0736"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32911"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1029792"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "[email protected]", "type": "Primary"}]}

{}