Details of VAR-201405-0469

ID

VAR-201405-0469

CVE

CVE-2014-2192

TITLE

Cisco Unified Web and E-mail Interaction Manager Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2014-002545

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj43033. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuj43033. Web Interaction Manager is a product that can help call center business representatives use websites and text chats or real-time Web collaboration to answer customer questions; E-mail Interaction Manager is a product used to manage a large number of customer emails submitted to corporate mailboxes or websites

Trust: 2.07

sources: NVD: CVE-2014-2192 // JVNDB: JVNDB-2014-002545 // BID: 67464 // VULHUB: VHN-70131 // VULMON: CVE-2014-2192

AFFECTED PRODUCTS

vendor:	cisco	model:	unified web and e-mail interaction manager	scope:	eq	version:	9.0\(2\)	Trust: 1.6
vendor:	cisco	model:	unified web and e-mail interaction manager	scope:	eq	version:	9.0(2)	Trust: 0.8

sources: JVNDB: JVNDB-2014-002545 // CNNVD: CNNVD-201405-378 // NVD: CVE-2014-2192

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2192
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-2192
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201405-378
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-70131
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2014-2192
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-2192
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-70131
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-70131 // VULMON: CVE-2014-2192 // JVNDB: JVNDB-2014-002545 // CNNVD: CNNVD-201405-378 // NVD: CVE-2014-2192

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-70131 // JVNDB: JVNDB-2014-002545 // NVD: CVE-2014-2192

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-378

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201405-378

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002545

PATCH

title:	Cisco Unified Web and E-mail Interaction Manager Cross-Site Scripting	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2192	Trust: 0.8
title:	34260	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=34269	Trust: 0.8
title:	Cisco: Cisco Unified Web and E-mail Interaction Manager Cross-Site Scripting Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20140519-CVE-2014-2192	Trust: 0.1

sources: VULMON: CVE-2014-2192 // JVNDB: JVNDB-2014-002545

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2192	Trust: 2.9
db:	BID	id:	67464	Trust: 1.5
db:	JVNDB	id:	JVNDB-2014-002545	Trust: 0.8
db:	CNNVD	id:	CNNVD-201405-378	Trust: 0.7
db:	CISCO	id:	20140516 CISCO UNIFIED WEB AND E-MAIL INTERACTION MANAGER CROSS-SITE SCRIPTING VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-70131	Trust: 0.1
db:	VULMON	id:	CVE-2014-2192	Trust: 0.1

sources: VULHUB: VHN-70131 // VULMON: CVE-2014-2192 // BID: 67464 // JVNDB: JVNDB-2014-002545 // CNNVD: CNNVD-201405-378 // NVD: CVE-2014-2192

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2192	Trust: 1.8
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=34269	Trust: 1.8
url:	http://www.securityfocus.com/bid/67464	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2192	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2192	Trust: 0.8
url:	www.cisco.com	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140519-cve-2014-2192	Trust: 0.1

sources: VULHUB: VHN-70131 // VULMON: CVE-2014-2192 // BID: 67464 // JVNDB: JVNDB-2014-002545 // CNNVD: CNNVD-201405-378 // NVD: CVE-2014-2192

CREDITS

Cisco

Trust: 0.3

sources: BID: 67464

SOURCES

db:	VULHUB	id:	VHN-70131
db:	VULMON	id:	CVE-2014-2192
db:	BID	id:	67464
db:	JVNDB	id:	JVNDB-2014-002545
db:	CNNVD	id:	CNNVD-201405-378
db:	NVD	id:	CVE-2014-2192

LAST UPDATE DATE

2025-04-13T23:25:24.661000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-70131	date:	2015-09-16T00:00:00
db:	VULMON	id:	CVE-2014-2192	date:	2015-09-16T00:00:00
db:	BID	id:	67464	date:	2014-05-21T00:42:00
db:	JVNDB	id:	JVNDB-2014-002545	date:	2014-05-21T00:00:00
db:	CNNVD	id:	CNNVD-201405-378	date:	2014-05-23T00:00:00
db:	NVD	id:	CVE-2014-2192	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-70131	date:	2014-05-20T00:00:00
db:	VULMON	id:	CVE-2014-2192	date:	2014-05-20T00:00:00
db:	BID	id:	67464	date:	2014-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2014-002545	date:	2014-05-21T00:00:00
db:	CNNVD	id:	CNNVD-201405-378	date:	2014-05-23T00:00:00
db:	NVD	id:	CVE-2014-2192	date:	2014-05-20T11:13:37.407