HIGH✓ PATCH🇬🇧 English

CVE-2013-1221

CVSS 10.0v2.0pub. 2013-05-09upd. 2026-04-29

The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384.

oryginał EN
CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Cisco Unified Customer Voice Portal

    APP
    Cisco
    3.03.6\(10\)4.04.0\(2\)4.17.07.0\(2\)8.0\(1\)8.5\(1\)9.0≤ 9.0\(1\)
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2020-3402HIGH7.5ten sam produkt

A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (C...

CVE-2018-0139HIGH8.6ten sam produkt

A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Cust...

CVE-2018-0086HIGH8.6ten sam produkt

A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unau...

CVE-2017-12214HIGH8.8ten sam produkt

A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset funct...

CVE-2013-1222HIGH7.8ten sam produkt

The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 doe...