CVE-2015-0599 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2015-0599

CWE

https://cwe.mitre.org/data/definitions/254.html

The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a cross-frame scripting (XFS) issue, aka Bug ID CSCuf50138.

Affected Software

Name	Vendor	Start Version	End Version
Unified_computing_system	Cisco	- (including)	- (including)

References

http://secunia.com/advisories/62762
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0599
http://tools.cisco.com/security/center/viewAlert.x?alertId=37324
http://www.securityfocus.com/bid/72509
https://exchange.xforce.ibmcloud.com/vulnerabilities/100614