CVE-2018-15403

Name of the Vulnerable Software and Affected Versions Cisco Emergency Responder (affected versions not specified) Cisco Unified Communications Manager (affected versions not specified) Cisco Unified Communications Manager IM & Presence Service (affected versions not specified) Cisco Unity Connection (affected versions not specified)

Description The issue is related to improper input validation of HTTP request parameters, allowing an authenticated, remote attacker to redirect users to a malicious web page through an open redirect attack. This can be used in phishing attacks to trick users into visiting malicious sites.

Recommendations For Cisco Emergency Responder, update to a version that fixes the improper input validation issue. For Cisco Unified Communications Manager, update to a version that fixes the improper input validation issue. For Cisco Unified Communications Manager IM & Presence Service, update to a version that fixes the improper input validation issue. For Cisco Unity Connection, update to a version that fixes the improper input validation issue.