Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8 uses weak permissions for the D:\CommServer\Reports directory, which allows remote authenticated users to obtain sensitive information by reading files in this directory.
2008-10-13T20:00:02.463
2025-04-09T00:30:58.490
Deferred
CVSSv2: 4.0 (MEDIUM)
AV:N/AC:L/Au:S/C:P/I:N/A:N
8.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | cisco | unity | ≤ 4.2\(1\) | Yes |
| Application | cisco | unity | ≤ 5.0\(1\) | Yes |
| Application | cisco | unity | ≤ 7.0\(2\) | Yes |
| Application | cisco | unity | 4.0 | Yes |
| Application | cisco | unity | 4.0\(1\) | Yes |
| Application | cisco | unity | 4.0\(2\) | Yes |
| Application | cisco | unity | 4.0\(3\) | Yes |
| Application | cisco | unity | 4.0\(3\) | Yes |
| Application | cisco | unity | 4.0\(4\) | Yes |
| Application | cisco | unity | 4.0\(4\) | Yes |
| Application | cisco | unity | 4.0\(5\) | Yes |
| Application | cisco | unity | 4.1\(1\) | Yes |
| Application | cisco | unity | 5.0 | Yes |
| Application | cisco | unity | 7.0 | Yes |