ID

VAR-201512-0420


CVE

CVE-2015-6387


TITLE

Cisco Unified Computing System Central Software cross-site scripting vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2015-006120 // CNNVD: CNNVD-201512-040

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCux33573. The software provides policy-based automated servers to improve IT productivity and centralized fault overview to quickly resolve issues, among other features.

Trust: 1.98

sources: NVD: CVE-2015-6387 // JVNDB: JVNDB-2015-006120 // BID: 78415 // VULHUB: VHN-84348

AFFECTED PRODUCTS

vendor: cisco, model: unified computing system central software, scope: eq, version: 1.3\(0.1\)

Trust: 1.6

vendor: cisco, model: unified computing system central software, scope: eq, version: 1.3(0.1)

Trust: 1.1

sources: BID: 78415 // JVNDB: JVNDB-2015-006120 // CNNVD: CNNVD-201512-040 // NVD: CVE-2015-6387

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6387
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6387
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201512-040
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84348
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6387
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84348
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84348 // JVNDB: JVNDB-2015-006120 // CNNVD: CNNVD-201512-040 // NVD: CVE-2015-6387

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-84348 // JVNDB: JVNDB-2015-006120 // NVD: CVE-2015-6387

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-040

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201512-040

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006120

PATCH

title: cisco-sa-20151201-ucs, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151201-ucs

Trust: 0.8

title: Cisco Unified Computing System Central Software Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58904

Trust: 0.6

sources: JVNDB: JVNDB-2015-006120 // CNNVD: CNNVD-201512-040

EXTERNAL IDS

db: NVD, id: CVE-2015-6387

Trust: 2.8

db: SECTRACK, id: 1034275

Trust: 1.1

db: JVNDB, id: JVNDB-2015-006120

Trust: 0.8

db: CNNVD, id: CNNVD-201512-040

Trust: 0.7

db: BID, id: 78415

Trust: 0.4

db: VULHUB, id: VHN-84348

Trust: 0.1

sources: VULHUB: VHN-84348 // BID: 78415 // JVNDB: JVNDB-2015-006120 // CNNVD: CNNVD-201512-040 // NVD: CVE-2015-6387

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151201-ucs

Trust: 1.7

url: http://www.securitytracker.com/id/1034275

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6387

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6387

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151201-ucs

Trust: 0.3

sources: VULHUB: VHN-84348 // BID: 78415 // JVNDB: JVNDB-2015-006120 // CNNVD: CNNVD-201512-040 // NVD: CVE-2015-6387

CREDITS

Cisco

Trust: 0.3

sources: BID: 78415

SOURCES

db: VULHUB, id: VHN-84348
db: BID, id: 78415
db: JVNDB, id: JVNDB-2015-006120
db: CNNVD, id: CNNVD-201512-040
db: NVD, id: CVE-2015-6387

LAST UPDATE DATE

2025-04-13T23:25:11.317000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-84348, date: 2017-09-14T00:00:00
db: BID, id: 78415, date: 2015-12-01T00:00:00
db: JVNDB, id: JVNDB-2015-006120, date: 2015-12-09T00:00:00
db: CNNVD, id: CNNVD-201512-040, date: 2015-12-07T00:00:00
db: NVD, id: CVE-2015-6387, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-84348, date: 2015-12-05T00:00:00
db: BID, id: 78415, date: 2015-12-01T00:00:00
db: JVNDB, id: JVNDB-2015-006120, date: 2015-12-09T00:00:00
db: CNNVD, id: CNNVD-201512-040, date: 2015-12-07T00:00:00
db: NVD, id: CVE-2015-6387, date: 2015-12-05T03:59:02.750