Vulnerability-Lookup

CVE-2015-4274 (GCVE-0-2015-4274)

Vulnerability from cvelistv5 – Published: 2015-07-16 19:00 – Updated: 2024-08-06 06:11

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

GSD-2015-4274

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2015-4274

Aliases

CVE-2015-4274

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-4274",
    "description": "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936.",
    "id": "GSD-2015-4274"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-4274"
      ],
      "details": "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936.",
      "id": "GSD-2015-4274",
      "modified": "2023-12-13T01:19:59.849236Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2015-4274",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1032962",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032962"
          },
          {
            "name": "20150715 Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39920"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:unified_intelligence_center:10.6\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:unified_intelligence_center:10.0\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-4274"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150715 Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39920"
            },
            {
              "name": "1032962",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1032962"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-09-22T01:29Z",
      "publishedDate": "2015-07-16T19:59Z"
    }
  }
}

VAR-201507-0504

Vulnerability from variot - Updated: 2025-07-31 23:43

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936. Vendors have confirmed this vulnerability Bug ID CSCuu94862 and CSCuu97936 It is released as.A third party may be able to hijack the authentication of any user. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug IDsCSCuu94862 and CSCuu97936. The platform provides functions such as report-related business data and comprehensive display of call center data

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201507-0504",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.0\\(1\\)"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.6\\(1\\)"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "cisco",
        "version": "10.6(1)"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "cisco",
        "version": "10.0(1)"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "75916"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003854"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-632"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4274"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:cisco:unified_intelligence_center",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003854"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "75916"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-4274",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2015-4274",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-82235",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-4274",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-4274",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201507-632",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-82235",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82235"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003854"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-632"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4274"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936. Vendors have confirmed this vulnerability Bug ID CSCuu94862 and CSCuu97936 It is released as.A third party may be able to hijack the authentication of any user. \nExploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. \nThis issue is being tracked by Cisco Bug IDsCSCuu94862 and CSCuu97936. The platform provides functions such as report-related business data and comprehensive display of call center data",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4274"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003854"
      },
      {
        "db": "BID",
        "id": "75916"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82235"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-4274",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1032962",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003854",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-632",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "75916",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-82235",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82235"
      },
      {
        "db": "BID",
        "id": "75916"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003854"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-632"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4274"
      }
    ]
  },
  "id": "VAR-201507-0504",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82235"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-07-31T23:43:14.089000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "39920",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39920"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003854"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82235"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003854"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4274"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39920"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1032962"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4274"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4274"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82235"
      },
      {
        "db": "BID",
        "id": "75916"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003854"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-632"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4274"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-82235"
      },
      {
        "db": "BID",
        "id": "75916"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003854"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-632"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4274"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-07-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82235"
      },
      {
        "date": "2015-07-15T00:00:00",
        "db": "BID",
        "id": "75916"
      },
      {
        "date": "2015-07-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003854"
      },
      {
        "date": "2015-07-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-632"
      },
      {
        "date": "2015-07-16T19:59:01.007000",
        "db": "NVD",
        "id": "CVE-2015-4274"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82235"
      },
      {
        "date": "2015-07-15T00:00:00",
        "db": "BID",
        "id": "75916"
      },
      {
        "date": "2015-07-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003854"
      },
      {
        "date": "2015-07-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-632"
      },
      {
        "date": "2025-07-31T15:03:24.870000",
        "db": "NVD",
        "id": "CVE-2015-4274"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-632"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unified Intelligence Center of  Web Cross-site request forgery vulnerability in framework",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003854"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-632"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2015-04963

Vulnerability from cnvd - Published: 2015-07-28

Title

Cisco Unified Intelligence Center跨站请求伪造漏洞（CNVD-2015-04963）

Description

Cisco Unified Intelligence Center是一款统一情报管理中心。 Cisco Unified Intelligence Center WEB接口存在跨站请求伪造漏洞，允许远程攻击者构建恶意URI，诱使用户解析，可以目标用户上下文执行恶意操作。

Severity

中

Patch Name

Cisco Unified Intelligence Center跨站请求伪造漏洞（CNVD-2015-04963）的补丁

Patch Description

Cisco Unified Intelligence Center是一款统一情报管理中心。 Cisco Unified Intelligence Center WEB接口存在跨站请求伪造漏洞，允许远程攻击者构建恶意URI，诱使用户解析，可以目标用户上下文执行恶意操作。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://tools.cisco.com/security/center/viewAlert.x?alertId=39920

Reference

http://tools.cisco.com/security/center/viewAlert.x?alertId=39920

Impacted products

Name
['Cisco Unified Intelligence Center 10.6(1)', 'Cisco Unified Intelligence Center 10.0(1)']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "75916"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-4274"
    }
  },
  "description": "Cisco Unified Intelligence Center\u662f\u4e00\u6b3e\u7edf\u4e00\u60c5\u62a5\u7ba1\u7406\u4e2d\u5fc3\u3002\r\n\r\nCisco Unified Intelligence Center WEB\u63a5\u53e3\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u6784\u5efa\u6076\u610fURI\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4ee5\u76ee\u6807\u7528\u6237\u4e0a\u4e0b\u6587\u6267\u884c\u6076\u610f\u64cd\u4f5c\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://tools.cisco.com/security/center/viewAlert.x?alertId=39920",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-04963",
  "openTime": "2015-07-28",
  "patchDescription": "Cisco Unified Intelligence Center\u662f\u4e00\u6b3e\u7edf\u4e00\u60c5\u62a5\u7ba1\u7406\u4e2d\u5fc3\u3002\r\n\r\nCisco Unified Intelligence Center WEB\u63a5\u53e3\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u6784\u5efa\u6076\u610fURI\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4ee5\u76ee\u6807\u7528\u6237\u4e0a\u4e0b\u6587\u6267\u884c\u6076\u610f\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Unified Intelligence Center\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff08CNVD-2015-04963\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Unified Intelligence Center 10.6(1)",
      "Cisco Unified Intelligence Center 10.0(1)"
    ]
  },
  "referenceLink": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39920",
  "serverity": "\u4e2d",
  "submitTime": "2015-07-20",
  "title": "Cisco Unified Intelligence Center\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff08CNVD-2015-04963\uff09"
}

FKIE_CVE-2015-4274

Vulnerability from fkie_nvd - Published: 2015-07-16 19:59 - Updated: 2025-07-31 15:03

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=39920	Vendor Advisory
psirt@cisco.com	http://www.securitytracker.com/id/1032962
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=39920	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032962

Impacted products

	Vendor	Product	Version
	cisco	unified_intelligence_center	10.0\(1\)
	cisco	unified_intelligence_center	10.6\(1\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:10.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "46F63F7E-C9D1-4474-ABBF-77189E05AC42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:10.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CEA9876F-1048-4E47-B441-16F517B7A41D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad CSRF en el Framework Web en Cisco Unified Intelligence Center 10.0 (1) y 10.6 (1), permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios, tambi\u00e9n conocido como Bug IDs CSCuu94862 y CSCuu97936."
    }
  ],
  "id": "CVE-2015-4274",
  "lastModified": "2025-07-31T15:03:24.870",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-07-16T19:59:01.007",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39920"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1032962"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39920"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032962"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-P7CQ-2788-6MQ9

Vulnerability from github – Published: 2022-05-17 00:48 – Updated: 2022-05-17 00:48

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-4274"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-07-16T19:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936.",
  "id": "GHSA-p7cq-2788-6mq9",
  "modified": "2022-05-17T00:48:54Z",
  "published": "2022-05-17T00:48:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4274"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39920"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032962"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-4274 (GCVE-0-2015-4274)

GSD-2015-4274

VAR-201507-0504

CNVD-2015-04963

FKIE_CVE-2015-4274

GHSA-P7CQ-2788-6MQ9

Tags

Sightings

Nomenclature