CVE-2019-1860 (CNNVD-201905-706)
中文标题:
Cisco Unified Intelligence Center 安全漏洞
英文标题:
Cisco Unified Intelligence Center Remote File Injection Vulnerability
漏洞描述
中文描述:
Cisco Unified Intelligence Center是美国思科(Cisco)公司的一套基于Web的报表平台。该平台提供报告相关的业务数据和呼叫中心数据的展示功能。 Cisco Unified Intelligence Center 12.0(1)版本中存在安全漏洞。远程攻击者可通过迫使用户加载恶意的小工具利用该漏洞获取敏感信息(例如,当前用户凭证)或操纵Cisco Unified Intelligence Center与浏览器之间的数据。
英文描述:
A vulnerability in the dashboard gadget rendering of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to obtain or manipulate sensitive information between a user’s browser and Cisco Unified Intelligence Center. The vulnerability is due to the lack of gadget validation. An attacker could exploit this vulnerability by forcing a user to load a malicious gadget. A successful exploit could allow the attacker to obtain sensitive information, such as current user credentials, or manipulate data between the user’s browser and Cisco Unified Intelligence Center in the context of the malicious gadget.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Cisco | Cisco Unified Intelligence Center | - | < n/a | - |
cpe:2.3:a:cisco:cisco_unified_intelligence_center:*:*:*:*:*:*:*:*
|
| cisco | unified_intelligence_center | 12.0\(1\) | - | - |
cpe:2.3:a:cisco:unified_intelligence_center:12.0\(1\):*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
3.0 (cna)
MEDIUMCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2019-1860 |
2025-11-11 15:20:08 | 2025-11-11 07:35:40 |
| NVD | nvd_CVE-2019-1860 |
2025-11-11 14:56:22 | 2025-11-11 07:44:10 |
| CNNVD | cnnvd_CNNVD-201905-706 |
2025-11-11 15:10:12 | 2025-11-11 07:54:33 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 其他
- cnnvd_id: 未提取 -> CNNVD-201905-706
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 1 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']