CVE-2014-0733
Cisco Unified Communications Manager < 10.0(1) - Unauthenticated Information Disclosure via ELM Direct URL Access
Title source: llmDescription
The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0733
Vendor Advisory x_refsource_confirm
http://tools.cisco.com/security/center/viewAlert.x?alertId=32914
Scores
EPSS
0.0180
EPSS Percentile
75.7%
Details
CWE
CWE-287
Status
published
Products (18)
cisco/unified_communications_manager
3.3\(5\)
cisco/unified_communications_manager
3.3\(5\)sr1
cisco/unified_communications_manager
3.3\(5\)sr2a
cisco/unified_communications_manager
4.1\(3\)
cisco/unified_communications_manager
4.1\(3\)sr1
cisco/unified_communications_manager
4.1\(3\)sr2
cisco/unified_communications_manager
4.1\(3\)sr3
cisco/unified_communications_manager
4.1\(3\)sr4
cisco/unified_communications_manager
4.2
cisco/unified_communications_manager
4.2.1
... and 8 more
Published
Feb 20, 2014
Tracked Since
Feb 18, 2026