Lucene search
K
CiscoHosted Collaboration Solution

15 matches found

CVE
CVE
added 2017/09/15 7:0 p.m.1493 views

CVE-2017-9805

CVE-2017-9805 affects the Apache Struts 2 REST plugin. The REST plugin uses an XStreamHandler with an XStream instance to deserialize XML without any type filtering, enabling remote code execution when processing crafted XML payloads. Affected versions are Struts 2.1.1–2.3.x before 2.3.34 and 2.5...

8.1CVSS8.4AI score0.99461EPSS
In wild
CVE
CVE
added 2019/07/06 1:20 a.m.427 views

CVE-2019-1911

Cisco Unified Communications Domain Manager (CUCDM) CLI vulnerability (CVE-2019-1911) allows an authenticated, local attacker to escape the restricted shell due to insufficient input validation of shell commands. Affected versions include CUCDM 11.5(3) PB3 and prior releases. Impact is elevated: ...

7.8CVSS6AI score0.00321EPSS
CVE
CVE
added 2019/11/26 3:42 a.m.104 views

CVE-2019-15968

Cisco Unified Communications Domain Manager (CUCDM) web-based management interface is affected by a cross-site scripting (XSS) vulnerability caused by insufficient input validation. An authenticated remote attacker could lure a user to click a crafted link, enabling arbitrary script execution in ...

5.4CVSS5.2AI score0.00633EPSS
CVE
CVE
added 2018/08/15 8:0 p.m.69 views

CVE-2018-0386

Cisco Unified Communications Domain Manager Software contains a cross-site scripting (XSS) vulnerability (CVE-2018-0386) due to improper input validation. A remote, unauthenticated attacker can lure a user to a malicious URL to access sensitive information or perform actions in the user’s securit...

6.1CVSS6.1AI score0.01823EPSS
CVE
CVE
added 2017/11/16 7:0 a.m.66 views

CVE-2017-12337

CVE-2017-12337 affects Cisco Voice Operating System (Voice OS) upgrade mechanisms. A refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration can leave an engineering flag enabled after completion, potentially allowing an unauthenticated attacker to gain root access with a known pas...

10CVSS9.4AI score0.06435EPSS
CVE
CVE
added 2015/02/19 12:0 a.m.64 views

CVE-2015-0626

The CVE-2015-0626 issue affects Cisco Hosted Collaboration Solution (HCS) via the SOAP interface. The vulnerability stems from the SOAP processing of Challenge SOAP calls, enabling an unauthenticated, remote attacker to obtain access to system-management tools on vulnerable HCS deployments. Explo...

4.3CVSS6.8AI score0.01078EPSS
CVE
CVE
added 2015/05/21 10:0 a.m.54 views

CVE-2015-0741

CVE-2015-0741 affects Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) versions down to 10.6(1) and earlier. The issue is multiple cross-site request forgery (CSRF) vulnerabilities (Bug ID CSCut04596) that could allow remote attackers to hijack the authentication of arbitrary users....

6.8CVSS7.5AI score0.01262EPSS
CVE
CVE
added 2014/03/19 1:0 a.m.53 views

CVE-2014-2121

Cisco Hosted Collaboration Solution (HCS) runs Java-based software that contains a vulnerability due to improper packet processing in the Java code, allowing remote, unauthenticated attackers to cause a denial of service by closing TCP ports. The issue affects HCS deployments using the affected J...

5CVSS6.9AI score0.02963EPSS
CVE
CVE
added 2014/03/19 1:0 a.m.51 views

CVE-2014-2122

Cisco Hosted Collaboration Solution (HCS) Impack server GUI contains a memory leak vulnerability that can cause DoS via remote, unauthenticated access. The issue stems from improper packet processing, enabling memory exhaustion on the GUI. Exploitation may require access to trusted internal netwo...

5CVSS6.8AI score0.0297EPSS
CVE
CVE
added 2015/07/10 10:0 a.m.51 views

CVE-2015-4260

CVE-2015-4260 affects Cisco Hosted Collaboration Solution 10.6(1) with an XSS flaw exploitable via a crafted URL parameter. Root cause: insufficient validation of user-supplied URL values leading to arbitrary script execution in the attacker’s target session. Affected product/function: Cisco HCS ...

4.3CVSS5.8AI score0.01546EPSS
CVE
CVE
added 2013/04/05 4:0 p.m.50 views

CVE-2013-1174

CVE-2013-1174 affects Cisco Tivoli Business Service Manager (TBSM) within Hosted Collaboration Mediation (HCM) of Cisco Hosted Collaboration Solution. A remote attacker can cause a partial denial of service (temporary service hang) by flooding ports 17310–17542 with TCP packets. This vulnerabilit...

5CVSS6.8AI score0.01232EPSS
CVE
CVE
added 2013/06/12 1:0 a.m.50 views

CVE-2013-3381

Cisco Hosted Collaboration Mediation is affected by CVE-2013-3381. The vulnerability allows an unauthenticated, remote attacker to cause excessive CPU utilization by sending malformed UDP packets to UDP port 162. The underlying issue is insufficient optimization of resources when flooded with mal...

5CVSS6.8AI score0.01232EPSS
CVE
CVE
added 2015/12/15 2:0 a.m.47 views

CVE-2015-6404

The CVE-2015-6404 entry concerns Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3), where lack of RBAC in the SOAP API allows an authenticated admin user to retrieve sensitive credentials and other restricted data. Root cause: missing RBAC in the HCM-F SOAP interface. Impact: infor...

4CVSS6AI score0.00955EPSS
CVE
CVE
added 2015/05/23 1:0 a.m.44 views

CVE-2015-0750

The CVE-2015-0750 issue affects Cisco Hosted Collaboration Solution (HCS) up to version 10.6(1) and earlier, where the Web management interface may allow remote authenticated attackers to execute arbitrary commands via crafted input in unspecified fields. Root cause is improper input validation i...

6.5CVSS7.5AI score0.01382EPSS
CVE
CVE
added 2015/10/30 10:0 a.m.44 views

CVE-2015-6352

Cisco Unified Communications Domain Manager (UCD) before version 10.6(1) is affected by an information-disclosure vulnerability where error messages for pathname access differ depending on whether the path exists. This enables remote attackers to map the filesystem by issuing a sequence of reques...

4.3CVSS6.9AI score0.01816EPSS