CVE-2014-8000
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
21/11/2014
Last modified:
12/04/2025
Description
Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:9.1\(1\):*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/62558
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8000
- http://tools.cisco.com/security/center/viewAlert.x?alertId=36467
- http://www.securityfocus.com/bid/71173
- http://www.securitytracker.com/id/1031240
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98786
- http://secunia.com/advisories/62558
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8000
- http://tools.cisco.com/security/center/viewAlert.x?alertId=36467
- http://www.securityfocus.com/bid/71173
- http://www.securitytracker.com/id/1031240
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98786