Authentication Vulnerability in Cisco Unified Web and E-Mail Interaction Manager
CVE-2014-2193

Currently unrated

Key Information:

Vendor
Cisco
Status
Unified Web And E-mail Interaction Manager
Vendor
CVE Published:
20 May 2014

Summary

The Cisco Unified Web and E-Mail Interaction Manager has a flaw that places session identifiers in GET requests. This enables remote attackers to exploit valid session identifiers, leading to the potential injection of malicious conversation text. This vulnerability emphasizes the critical nature of securing session management practices within web applications to prevent unauthorized access and exploitation.

References

http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.