8 matches found
CVE-2022-20816
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an authenticated, remote attacker to delete arbitrary files from an affected system. This...
CVE-2021-1363 Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted...
CVE-2018-0328
A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (CNVD-2018-05344)
Cisco Unified Communications Manager CUCM, Unified CM, CallManager is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A cross-site scripting...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (CNVD-2017-01082)
Cisco Unified Communications Manager is a call processing component of a Cisco IP telephony solution. A cross-site scripting vulnerability exists in Cisco Unified Communications Manager that stems from a failure to validate user input. An attacker could use this vulnerability to execute arbitrary...
The vulnerability of the Cisco Unified Communications Manager software allows a malicious actor to execute arbitrary code.
The vulnerability exists in the function dtls1reassemblefragment in d1both.c in OpenSSL, due to an improper check of the length of fragments in DTLS ClientHello messages. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure buffer overflow an...
Cisco Unified Communications Manager SQL Injection Vulnerability
Cisco Unified Communications Manager is an enterprise-class IP telephony call processing system. A security vulnerability exists in Cisco Unified Communications Manager 11.0 0.98000.225 that does not validate user input within a SQL query. An attacker sending a URL containing an SQL statement cou...
Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...