CVE-2013-6978

Cisco Unified Communications Manager < 9.1(1) - Authenticated Sensitive Information Exposure via DRS HTML Source

Title source: llm
STIX 2.1

Description

The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/101162
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029520
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/89834
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/64421

Scores

EPSS 0.0209
EPSS Percentile 79.4%

Details

CWE
CWE-200
Status published
Products (50)
cisco/unified_communications_manager 3.3\(5\)
cisco/unified_communications_manager 3.3\(5\)sr1
cisco/unified_communications_manager 3.3\(5\)sr2a
cisco/unified_communications_manager 4.1\(3\)
cisco/unified_communications_manager 4.1\(3\)sr1
cisco/unified_communications_manager 4.1\(3\)sr2
cisco/unified_communications_manager 4.1\(3\)sr3
cisco/unified_communications_manager 4.1\(3\)sr4
cisco/unified_communications_manager 4.2
cisco/unified_communications_manager 4.2.1
... and 40 more
Published Dec 21, 2013
Tracked Since Feb 18, 2026