CVE-2019-15968 Cisco Unified Communications Domain Manager Persistent Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager Unified CDM could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected system. The vulnerability...

CVE-2019-15968 Cisco Unified Communications Domain Manager Persistent Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager Unified CDM could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected system. The vulnerability...

Input validation

A vulnerability in the CLI of Cisco Unified Communications Domain Manager Cisco Unified CDM Software could allow an authenticated, local attacker to escape the restricted shell. The vulnerability is due to insufficient input validation of shell commands. An attacker could exploit this vulnerabili...

CVE-2019-1911 Cisco Unified Communications Domain Manager Restricted Shell Escape Vulnerability

A vulnerability in the CLI of Cisco Unified Communications Domain Manager Cisco Unified CDM Software could allow an authenticated, local attacker to escape the restricted shell. The vulnerability is due to insufficient input validation of shell commands. An attacker could exploit this vulnerabili...

Cisco Unified CDM platform exposure of privileged accounts and static passwords-vulnerability warning-the black bar safety net

! Cisco's Unified CDM communications domain Manager was revealed to contain a default that cannot be modified privileged accounts and the use of static password, the attacker can use the platform to remote attacks and intrusions. Vulnerability Cisco's Unified CDM is a Cisco hosted collaboration...

Hardcoded credentials

Cisco Unified Communications Domain Manager CDM in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the support and root accounts by extracting this key from a binary file found in a different installation o...

Improper access control

The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager CDM in Unified CDM Application Software before 10 does not properly implement access control, which allows remote attackers to modify user information via a crafted URL, aka Bug ID CSCum77041...

CVE-2014-2197

The Administration GUI in the web framework in Cisco Unified Communications Domain Manager CDM in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID...