Cisco Unified Communications products could allow a remote authenticated attacker to obtain sensitive information because of improper file permission restrictions. By sending a specially crafted command from the API to the application, an attacker could exploit this vulnerability to read arbitrary files on the underlying operating system and use this information to launch further attacks against the affected system.
Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition could allow a remote authenticated attacker to traverse directories on the system because of improper validation of user-supplied input. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.
Apache Superset 1.5.0
Upgrade to the latest version of Apache Superset, available from the Apache Web site.