Authentication Vulnerability in Cisco Unified Web and E-Mail Interaction Manager
CVE-2014-2193

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Web And E-mail Interaction Manager
Vendor: CVE Published:; 20 May 2014

What is CVE-2014-2193?

The Cisco Unified Web and E-Mail Interaction Manager has a flaw that places session identifiers in GET requests. This enables remote attackers to exploit valid session identifiers, leading to the potential injection of malicious conversation text. This vulnerability emphasizes the critical nature of securing session management practices within web applications to prevent unauthorized access and exploitation.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2014
Vulnerability Reserved
Feb 25, 2014