CVE-2022-20800

Summary: CVE-2022-20800 describes a cross-site scripting (XSS) vulnerability in Cisco Unified Communications Manager family web interfaces (CUCM, Unified CM SME, Unified CM IM&P, and Unity Connection). The issue stems from improper validation of user-supplied input in the web-based management int...

CVE-2022-20752

CVE-2022-20752 affects Cisco Unified Communications Manager (Unified CM), Unified CM Session Management Edition (Unified CM SME), and Cisco Unity Connection. The issue is a timing attack caused by insufficient protection of a system password, enabling an unauthenticated remote attacker to infer a...

CVE-2022-20752

A vulnerability in Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager Session Management Edition Unified CM SME, and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient...

Cisco Unified Communications Manager 和 Cisco Unity Connection安全漏洞

Cisco Unity Connection UC and Cisco Unified Communications Manager CUCM, Unified CM, CallManager are both products of Cisco Corporation.Cisco Unity Connection is a voice Cisco Unity Connection is a voice messaging platform. The platform can use voice commands to make calls or listen to messages i...

PT-2022-3510 · Cisco · Cisco Unity Connection +2

Name of the Vulnerable Software and Affected Versions: Cisco Unified Communications Manager versions affected versions not specified Cisco Unified Communications Manager IM & Presence Service versions affected versions not specified Cisco Unity Connection versions affected versions not specified...

The vulnerability in the web interface of the Cisco Unified Communications Manager (CM), Cisco Unified Communications Manager Session Management Edition (SME), and the integrated messaging system Cisco Unity Connection allows a perpetrator to perform cross-site scripting attacks.

The vulnerability of the Web interface for managing Cisco Unified Communications Manager CM, Cisco Unified Communications Manager Session Management Edition SME, and the integrated messaging system Cisco Unity Connection is related to the lack of security measures taken to protect the web page...

CVE-2022-20788

The CVE-2022-20788 issue affects Cisco Unified Communications Manager (Unified CM), Unified CM Session Management Edition (Unified CM SME), and Cisco Unity Connection. It is a cross-site scripting (XSS) vulnerability in the web-based management interface caused by insufficient validation of user-...

Cisco Unity Connection和Cisco Unified Communications Manager 跨站脚本漏洞

Cisco Unified Communications Manager is a call processing component of Cisco's Unified Communications System. Unified Communications Manager Session Management Edition is the session management version of Unified Communications Manager. A cross-site scripting vulnerability exists in Unified CM an...

Cisco Unity Connect Path Traversal (cisco-sa-cucm-path-trav-dKCvktvO)

The version of Cisco Unity Connection installed on the remote host is prior to 14SU1. It is, therefore, affected by a path traversal vulnerability in the web-based management interface that allows an authenticated, remote attacker to access sensitive data. This is caused by improperly validated...

Cisco Unity Connection 和 Cisco Unified Communications Manager 路径遍历漏洞

Cisco Unity Connection UC and Cisco Unified Communications Manager CUCM, Unified CM, CallManager are both products of Cisco Corporation.Cisco Unity Connection is a voice Cisco Unity Connection is a voice messaging platform. The platform can use voice commands to make calls or listen to messages i...

Cisco Unity Connection XSS (cisco-sa-cucm-xss-Q4PZcNzJ)

The Cisco Unity Connection installed on the remote host is prior to version 14. It is, therefore, affected by multiple cross-site Scripting vulnerabilities. Multiple vulnerabilities in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to...

Cisco Unity Connection RCE (cisco-sa-cucm-rce-pqVYwyb)

The version of Cisco Unity Connection installed on the remote host is affected by a remote code execution vulnerability due to improper sanitization of user-supplied input. An authenticated, remote attacker can exploit this, by sending a SOAP API request with crafted parameters, in order to execu...

The vulnerability in the web interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, and Cisco Unity Connection systems allows a perpetrator to perform cross-site scripting (XSS) attacks.

The vulnerability in the web interface for managing Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, and Cisco Unity Connection systems exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor...

The vulnerability in the web interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, and Cisco Unity Connection systems allows a perpetrator to perform cross-site scripting (XSS) attacks.

The vulnerability in the web interface for managing Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, and Cisco Unity Connection systems exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor...

CVE-2021-1408

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P, Cisco Unified Communications Manager Session Management Edition Unified CM SME, and Cisco Unity Connection...

CVE-2021-1408

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P, Cisco Unified Communications Manager Session Management Edition Unified CM SME, and Cisco Unity Connection...

CVE-2021-1362 Cisco Unified Communications Products Remote Code Execution Vulnerability

A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, and Cisco Prime License Manager could allow an authenticated, remo...

Cisco Unified Communications Manager and Cisco Unity Connection Code Injection Vulnerabilities

Cisco Unity Connection UC and Cisco Unified Communications Manager CUCM, Unified CM, CallManager are both products of Cisco Corporation.Cisco Unity Connection is a voice Cisco Unity Connection is a voice messaging platform. The platform can use voice commands to make calls or listen to messages i...

The vulnerability of the SOAP API interfaces of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection—an integrated messaging system—allows a perpetrator to execute arbitrary code. The Cisco Prime License Manager (PLM) licensing management tool also exposes vulnerabilities that enable a perpetrator to perform arbitrary actions.

The vulnerability of the SOAP API interfaces of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition SME, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection—an integrated messaging system—as well as the Cisco Pri...

Cisco Unified Communications Manager和Cisco Unity Connection 代码注入漏洞

Cisco Unity Connection UC and Cisco Unified Communications Manager CUCM, Unified CM, CallManager are both products of Cisco Corporation.Cisco Unity Connection is a voice Cisco Unity Connection is a voice messaging platform. The platform can use voice commands to make calls or listen to messages i...