CVE-2014-3283

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Domain Manager (CDM) versions 9.0(.1) and earlier

Description The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. This is related to an open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS.

Recommendations For versions 9.0(.1) and earlier, update to a version later than 9.0(.1) to resolve the issue. As a temporary workaround, consider restricting access to the Self-Care Client Portal to minimize the risk of exploitation. Avoid using crafted URLs in the affected web framework until the issue is resolved.