Vulnerability-Lookup

CVE-2015-0716 (GCVE-0-2015-0716)

Vulnerability from cvelistv5 – Published: 2015-05-07 01:00 – Updated: 2024-08-06 04:17

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

GSD-2015-0716

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2015-0716

Aliases

CVE-2015-0716

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-0716",
    "description": "Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659.",
    "id": "GSD-2015-0716"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-0716"
      ],
      "details": "Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659.",
      "id": "GSD-2015-0716",
      "modified": "2023-12-13T01:19:58.330883Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2015-0716",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20150505 Cisco Unity Connection CUCReports Page Cross-Site Request Forgery Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38675"
          },
          {
            "name": "1032259",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032259"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity_connection:11.0\\(0.98000.332\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity_connection:11.0\\(0.98000.225\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-0716"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150505 Cisco Unity Connection CUCReports Page Cross-Site Request Forgery Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38675"
            },
            {
              "name": "1032259",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1032259"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2015-09-10T16:10Z",
      "publishedDate": "2015-05-07T01:59Z"
    }
  }
}

FKIE_CVE-2015-0716

Vulnerability from fkie_nvd - Published: 2015-05-07 01:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=38675	Vendor Advisory
psirt@cisco.com	http://www.securitytracker.com/id/1032259
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=38675	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032259

Impacted products

	Vendor	Product	Version
	cisco	unity_connection	11.0\(0.98000.225\)
	cisco	unity_connection	11.0\(0.98000.332\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:11.0\\(0.98000.225\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1961B4F5-C2E1-41C3-AD4A-F3ABA03EFD7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:11.0\\(0.98000.332\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0E9973BA-EC31-459A-9E10-4C0F6D5D6C4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de CSRF en la p\u00e1gina CUCReports en Cisco Unity Connection 11.0(0.98000.225) y 11.0(0.98000.332) permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios, tambi\u00e9n conocido como Bug ID CSCut33659."
    }
  ],
  "id": "CVE-2015-0716",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-05-07T01:59:04.420",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38675"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1032259"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38675"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032259"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2015-02918

Vulnerability from cnvd - Published: 2015-05-08

Title

Cisco Unity Connection CUCReports页面跨站请求伪造漏洞

Description

Cisco Unity Connection是美国思科（Cisco）公司的一套语音留言平台。 Cisco Unity Connection CUCReports页面存在跨站请求伪造漏洞，允许攻击者利用此漏洞劫持任意用户的身份验证。

Severity

中

Patch Name

Cisco Unity Connection CUCReports页面跨站请求伪造漏洞

Patch Description

Cisco Unity Connection是美国思科（Cisco）公司的一套语音留言平台。 Cisco Unity Connection CUCReports页面存在跨站请求伪造漏洞，允许攻击者利用此漏洞劫持任意用户的身份验证。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布升级补丁/版本以修复这个安全问题，请用户及时下载更新： http://tools.cisco.com/security/center/viewAlert.x?alertId=38675

Reference

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0716

Impacted products

Name
['Cisco Unity Connection 11.0(0.98000.225)', 'Cisco Unity Connection 11.0(0.98000.332)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-0716"
    }
  },
  "description": "Cisco Unity Connection\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u8bed\u97f3\u7559\u8a00\u5e73\u53f0\u3002\r\n\r\nCisco Unity Connection CUCReports\u9875\u9762\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u52ab\u6301\u4efb\u610f\u7528\u6237\u7684\u8eab\u4efd\u9a8c\u8bc1\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u5347\u7ea7\u8865\u4e01/\u7248\u672c\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u7528\u6237\u53ca\u65f6\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttp://tools.cisco.com/security/center/viewAlert.x?alertId=38675",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-02918",
  "openTime": "2015-05-08",
  "patchDescription": "Cisco Unity Connection\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u8bed\u97f3\u7559\u8a00\u5e73\u53f0\u3002\r\n\r\nCisco Unity Connection CUCReports\u9875\u9762\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u52ab\u6301\u4efb\u610f\u7528\u6237\u7684\u8eab\u4efd\u9a8c\u8bc1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Unity Connection CUCReports\u9875\u9762\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e",
  "products": {
    "product": [
      "Cisco Unity Connection 11.0(0.98000.225)",
      "Cisco Unity Connection 11.0(0.98000.332)"
    ]
  },
  "referenceLink": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0716",
  "serverity": "\u4e2d",
  "submitTime": "2015-05-07",
  "title": "Cisco Unity Connection CUCReports\u9875\u9762\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

VAR-201505-0134

Vulnerability from variot - Updated: 2025-04-12 23:32

Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659. Vendors have confirmed this vulnerability Bug ID CSCut33659 It is released as.A third party may be able to hijack the authentication of any user. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCut33659. Cisco Unity Connection (UC) is a set of voice message platform of Cisco (Cisco). The platform can use voice commands to make calls or listen to messages "hands-free"

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201505-0134",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "11.0\\(0.98000.225\\)"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "11.0\\(0.98000.332\\)"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "cisco",
        "version": "11.0(0.98000.332)"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "cisco",
        "version": "11.0(0.98000.225)"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "74471"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002542"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-030"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0716"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:cisco:unity_connection",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002542"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "74471"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-0716",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2015-0716",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-78662",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-0716",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-0716",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201505-030",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-78662",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78662"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002542"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-030"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0716"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659. Vendors have confirmed this vulnerability Bug ID CSCut33659 It is released as.A third party may be able to hijack the authentication of any user. \nExploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. \nThis issue is being tracked by Cisco Bug ID CSCut33659. Cisco Unity Connection (UC) is a set of voice message platform of Cisco (Cisco). The platform can use voice commands to make calls or listen to messages \"hands-free\"",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0716"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002542"
      },
      {
        "db": "BID",
        "id": "74471"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78662"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-0716",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1032259",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002542",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-030",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "64399",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "74471",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-78662",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78662"
      },
      {
        "db": "BID",
        "id": "74471"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002542"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-030"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0716"
      }
    ]
  },
  "id": "VAR-201505-0134",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78662"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-12T23:32:50.852000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "38675",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38675"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002542"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78662"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002542"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0716"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38675"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1032259"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0716"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0716"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/64399"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/ps6509/index.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78662"
      },
      {
        "db": "BID",
        "id": "74471"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002542"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-030"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0716"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-78662"
      },
      {
        "db": "BID",
        "id": "74471"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002542"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-030"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0716"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-05-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-78662"
      },
      {
        "date": "2015-05-05T00:00:00",
        "db": "BID",
        "id": "74471"
      },
      {
        "date": "2015-05-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002542"
      },
      {
        "date": "2015-05-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-030"
      },
      {
        "date": "2015-05-07T01:59:04.420000",
        "db": "NVD",
        "id": "CVE-2015-0716"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-09-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-78662"
      },
      {
        "date": "2015-05-05T00:00:00",
        "db": "BID",
        "id": "74471"
      },
      {
        "date": "2015-05-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002542"
      },
      {
        "date": "2015-05-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-030"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2015-0716"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-030"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unity Connection of  CUCReports Page cross-site request forgery vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002542"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-030"
      }
    ],
    "trust": 0.6
  }
}

GHSA-2MC3-G4MP-F2PJ

Vulnerability from github – Published: 2022-05-17 04:07 – Updated: 2022-05-17 04:07

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-0716"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-05-07T01:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659.",
  "id": "GHSA-2mc3-g4mp-f2pj",
  "modified": "2022-05-17T04:07:47Z",
  "published": "2022-05-17T04:07:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0716"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38675"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032259"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-0716 (GCVE-0-2015-0716)

GSD-2015-0716

FKIE_CVE-2015-0716

CNVD-2015-02918

VAR-201505-0134

GHSA-2MC3-G4MP-F2PJ

Tags

Sightings

Nomenclature