Description
Cisco Unified Web and E-Mail Interaction Manager places session identifiers in GET requests, which allows remote attackers to inject conversation text by obtaining a valid identifier, aka Bug ID CSCuj43084.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2193
Scores
EPSS
0.0096
EPSS Percentile
57.3%
Details
CWE
CWE-20
Status
published
Products (1)
cisco/unified_web_and_e-mail_interaction_manager
Published
May 20, 2014
Tracked Since
Feb 18, 2026