CVEブラウザに戻る

CVE-2014-2115

MEDIUM

6.8

CVSS Severity Score

EPSS Score0.1050%

EPSS Percentile42.14th

Published2014年4月4日

Last Modified2026年5月6日

Vulnerability Description

Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun24250.

Affected Platforms (CPE)

📦

Cisco

Emergency Responder

<= 8.6

References & Advisories

🔗 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2115

🔗 http://tools.cisco.com/security/center/viewAlert.x?alertId=33643

🔗 http://www.securityfocus.com/bid/66631

🔗 http://www.securitytracker.com/id/1030019

🔗 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2115

🔗 http://tools.cisco.com/security/center/viewAlert.x?alertId=33643

🔗 http://www.securityfocus.com/bid/66631

🔗 http://www.securitytracker.com/id/1030019

関連する脆弱性情報

CVE-2008-115410.0

The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Man...

CVE-2016-64688.8

A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker...

CVE-2017-67797.5

Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaborati...

CVE-2015-64056.8

Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijac...