CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6440
https://notcve.org/view.php?id=CVE-2016-6440
The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. More Information: CSCuz64683 CSCuz64698. Known Affected Releases: 11.0(1.10000.10), 11.5(1.10000.6), 11.5(0.99838.4). Known Fixed Releases: 11.0(1.22048.1), 11.5(0.98000.1070), 11.5(0.98000.284)11.5(0.98000.346), 11.5(0.98000.768), 11.5(1.10000.3), 11.5(1.10000.6), 11.5(2.10000.2). El Cisco Unified Communications Manager (CUCM) puede ser vulnerable a los datos que se pueden mostrar dentro de un marco en una página web, lo que a su vez puede llevar a un ataque de clickjacking. • http://www.securityfocus.com/bid/93521 http://www.securitytracker.com/id/1037005 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-ucm • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6364
https://notcve.org/view.php?id=CVE-2016-6364
The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified API calls, aka Bug ID CSCux67855. La implementación de la API User Data Services (UDS) en Cisco Unified Communications Manager 11.5 permite a atacantes remotos eludir las restricciones destinadas al acceso y obtener información sensible a través de llamadas a la API no especificadas, también conocido como Bug ID CSCux67855. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ucm http://www.securityfocus.com/bid/92517 http://www.securitytracker.com/id/1036650 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •