Test ID:	1.3.6.1.4.1.25623.1.0.106190
Category:	CISCO
Title:	Cisco Unified Communications Manager Information Disclosure Vulnerability (cisco-sa-20160817-ucm)
Summary:	A vulnerability in the User Data Services (UDS) Application; Programming Interface (API) for Cisco Unified Communications Manager could allow an; unauthenticated, remote attacker to view confidential information that should require; authentication.
Description:	Summary: A vulnerability in the User Data Services (UDS) Application Programming Interface (API) for Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view confidential information that should require authentication. Vulnerability Insight: The vulnerability is due to improper authentication controls for certain information returned by the UDS API. An attacker could exploit this vulnerability by accessing the UDS API. Vulnerability Impact: An exploit could allow the attacker to view certain information that is confidential and should require authentication to retrieve via the UDS API. Affected Software/OS: Cisco Unified Communications Manager version 11.5. Solution: See the referenced vendor advisory for a solution. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6364 BugTraq ID: 92517 http://www.securityfocus.com/bid/92517 Cisco Security Advisory: 20160817 Cisco Unified Communications Manager Information Disclosure Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ucm http://www.securitytracker.com/id/1036650
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.