HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2013-1221

CVSS 10.0v2.0pub. 2013-05-09upd. 2026-04-29

The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384.

CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Cisco Unified Customer Voice Portal

    APP
    Cisco
    3.03.6\(10\)4.04.0\(2\)4.17.07.0\(2\)8.0\(1\)8.5\(1\)9.0≤ 9.0\(1\)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2020-3402HIGH7.5ten sam produkt

A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (C...

CVE-2018-0139HIGH8.6ten sam produkt

A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Cust...

CVE-2018-0086HIGH8.6ten sam produkt

A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unau...

CVE-2017-12214HIGH8.8ten sam produkt

A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset funct...

CVE-2013-1222HIGH7.8ten sam produkt

The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 doe...