{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Cisco Unified Communications Manager versions 6.x ant\u00e9rieures \u00e0 6.1(3) ;","product":{"name":"Unified Communications Manager","vendor":{"name":"Cisco","scada":false}}},{"description":"Cisco Unified CallManager versions 4.1 ;","product":{"name":"Unified Communications Manager","vendor":{"name":"Cisco","scada":false}}},{"description":"Cisco Unified Communications Manager versions 5.x ant\u00e9rieures \u00e0 5.1(3e) ;","product":{"name":"Unified Communications Manager","vendor":{"name":"Cisco","scada":false}}},{"description":"Cisco Unified Communications Manager versions 4.3 ant\u00e9rieures \u00e0 4.3(2)SR1b ;","product":{"name":"Unified Communications Manager","vendor":{"name":"Cisco","scada":false}}},{"description":"Cisco Unified Communications Manager versions 7.0 ant\u00e9rieures \u00e0 7.0(2).","product":{"name":"Unified Communications Manager","vendor":{"name":"Cisco","scada":false}}},{"description":"Cisco Unified Communications Manager versions 4.2 ant\u00e9rieures \u00e0 4.2(3)SR4b ;","product":{"name":"Unified Communications Manager","vendor":{"name":"Cisco","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans le m\u00e9canisme de synchronisation\ndes carnets d'adresses (Personal Address Book - PAB) dans Cisco Unified\nCommunications Manager (autrefois appel\u00e9 CallManager). Lorsqu'un client\nde synchronisation PAB s'authentifie aupr\u00e8s d'un serveur Cisco Unified\nCommunications Manager (via une connexion HTTPS), des identifiants d'un\ncompte d'administration sont renvoy\u00e9s \u00ab en clair \u00bb. Un attaquant peut\nintercepter ces identifiants.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2009-0632","url":"https://www.cve.org/CVERecord?id=CVE-2009-0632"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Cisco 20090311-cucmpab du 11 mars 2009    :","url":"http://www.cisco.com/warp/public/707/cisco-sa-20090311-cucmpab.shtml"}],"reference":"CERTA-2009-AVI-095","revisions":[{"description":"version initiale.","revision_date":"2009-03-16T00:00:00.000000"}],"risks":[{"description":"Contournement de la politique de s\u00e9curit\u00e9"}],"summary":"Une vuln\u00e9rabilit\u00e9 dans <span class=\"textit\">Cisco Unified Communications\nManager</span> permet d'acc\u00e9der \u00e0 un compte d'administration de\nl'application.\n","title":"Vuln\u00e9rabilit\u00e9 dans Cisco Unified Communications Manager","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 cisco-sa-20090311-cucmpab du 11 mars 2009","url":null}]}