Lucene search

K
CiscoUnified Communications Domain Manager

41 matches found

CVE
CVE
added 2019/11/26 4:15 a.m.93 views

CVE-2019-15968

A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager (Unified CDM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerabili...

5.4CVSS5.2AI score0.00287EPSS
CVE
CVE
added 2015/06/30 10:59 a.m.54 views

CVE-2015-4229

The web framework in Cisco Unified Communications Domain Manager 8.1(4)ER1 allows remote attackers to obtain sensitive information by visiting a bvsmweb URL, aka Bug ID CSCuq22589.

5CVSS6.3AI score0.00428EPSS
CVE
CVE
added 2018/06/21 11:29 a.m.54 views

CVE-2018-0364

A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CS...

8.8CVSS8.7AI score0.00187EPSS
CVE
CVE
added 2018/08/15 8:29 p.m.54 views

CVE-2018-0386

A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system. The vulnerability is due to improper validation of input that is passed to the affected software. An attacker...

6.1CVSS6.1AI score0.00305EPSS
CVE
CVE
added 2016/03/03 3:59 p.m.49 views

CVE-2016-1354

Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCud41176.

6.1CVSS6AI score0.0025EPSS
CVE
CVE
added 2017/11/16 7:29 a.m.49 views

CVE-2017-12302

A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The vulnerability is due to a lack of input validation on user-supplied...

4.3CVSS5AI score0.00183EPSS
CVE
CVE
added 2014/07/07 11:1 a.m.47 views

CVE-2014-2197

The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CS...

9CVSS6.3AI score0.00775EPSS
CVE
CVE
added 2014/07/07 11:1 a.m.47 views

CVE-2014-3300

The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows remote attackers to modify user information via a crafted URL, aka Bug ID CSCum77041.

7.5CVSS6.5AI score0.45577EPSS
CVE
CVE
added 2015/04/15 10:59 a.m.45 views

CVE-2015-0699

SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563.

5CVSS8.7AI score0.00235EPSS
CVE
CVE
added 2014/03/02 4:57 a.m.44 views

CVE-2014-2104

Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCum78536, CSCum78526, CSCum69809, and...

4.3CVSS5.9AI score0.00322EPSS
CVE
CVE
added 2014/12/22 7:59 p.m.44 views

CVE-2014-8018

Multiple cross-site scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCur19651, CSCur18555, CSCur...

4.3CVSS5.8AI score0.00296EPSS
CVE
CVE
added 2018/02/22 12:29 a.m.44 views

CVE-2018-0124

A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. The vulnerability is due to insecure key generation during application configuration. An attacker coul...

9.8CVSS9.8AI score0.01153EPSS
CVE
CVE
added 2015/07/04 10:59 a.m.42 views

CVE-2015-4196

Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by leveraging knowledge of this password and entering it in an SSH session, aka Bug ID CSCuq45546.

5CVSS7AI score0.00241EPSS
CVE
CVE
added 2017/06/13 6:29 a.m.42 views

CVE-2017-6668

Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc52784 CSCvc97648. Known Affected Releas...

4.9CVSS5.6AI score0.00204EPSS
CVE
CVE
added 2014/07/07 11:1 a.m.41 views

CVE-2014-2198

Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the support and root accounts by extracting this key from a binary file found in a different installation o...

10CVSS6.8AI score0.02337EPSS
CVE
CVE
added 2014/07/18 1:0 a.m.41 views

CVE-2014-3320

Multiple open redirect vulnerabilities in the admin web interface in the web framework in Cisco Unified Communications Domain Manager (CDM) 8.1(.4) and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted URLs for unspecified scripts, aka ...

5.8CVSS7.1AI score0.00528EPSS
CVE
CVE
added 2013/07/11 10:55 p.m.40 views

CVE-2013-3418

Cisco Unified Communications Domain Manager does not properly allocate memory for GET and POST requests, which allows remote authenticated users to cause a denial of service (memory consumption and process crash) via crafted requests to the management interface, aka Bug ID CSCud22922.

6.8CVSS6.5AI score0.00363EPSS
CVE
CVE
added 2014/08/12 11:55 p.m.40 views

CVE-2014-3339

Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290.

6.5CVSS8.3AI score0.00378EPSS
CVE
CVE
added 2015/01/10 2:59 a.m.40 views

CVE-2014-8020

Cisco Unified Communication Domain Manager Platform Software allows remote attackers to cause a denial of service (CPU consumption, and performance degradation or service outage) via a flood of malformed TCP packets and UDP packets, aka Bug ID CSCup25276.

5CVSS6.9AI score0.00734EPSS
CVE
CVE
added 2015/04/03 10:59 a.m.40 views

CVE-2015-0682

Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168.

6.5CVSS7.5AI score0.01218EPSS
CVE
CVE
added 2013/07/10 9:55 p.m.39 views

CVE-2013-1132

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Communications Domain Manager allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) IptAccountMgmt, (2) IptFeatureConfigTemplateMgmt, (3) IptFeatureDisplayPolicyMgmt, or (4) IptProviderMgmt pa...

4.3CVSS5.8AI score0.00263EPSS
CVE
CVE
added 2013/10/02 10:55 p.m.39 views

CVE-2013-5517

SQL injection vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh96567.

5.5CVSS8.1AI score0.00359EPSS
CVE
CVE
added 2014/05/29 5:55 p.m.39 views

CVE-2014-3279

The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and CSCun39643.

5CVSS6.8AI score0.00677EPSS
CVE
CVE
added 2014/05/29 5:55 p.m.39 views

CVE-2014-3282

The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive number-translation information by leveraging Location Administrator pr...

4CVSS6AI score0.00391EPSS
CVE
CVE
added 2014/08/12 10:55 p.m.39 views

CVE-2014-3337

The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that is not properly handled during processing of an XML document, aka Bug ID CSCtq76428.

6.8CVSS6.4AI score0.0247EPSS
CVE
CVE
added 2013/01/31 12:6 p.m.38 views

CVE-2013-1113

Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via a crafted parameter value, aka Bug ID CSCue21042.

4.3CVSS5.8AI score0.00329EPSS
CVE
CVE
added 2014/06/08 4:55 p.m.38 views

CVE-2014-3278

The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to enumerate accounts by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun39619 and CSCun45572.

5CVSS6.9AI score0.0026EPSS
CVE
CVE
added 2015/04/03 10:59 a.m.38 views

CVE-2015-0684

SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515.

6.5CVSS8.2AI score0.00311EPSS
CVE
CVE
added 2017/06/13 6:29 a.m.38 views

CVE-2017-6670

A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect issue. More Information: CSCvc54813. Known Affected Releases: 8.1(7)ER1.

6.1CVSS6.3AI score0.00255EPSS
CVE
CVE
added 2014/05/29 5:55 p.m.37 views

CVE-2014-3283

Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCun...

5.8CVSS6.8AI score0.00554EPSS
CVE
CVE
added 2015/01/15 10:59 p.m.37 views

CVE-2015-0591

Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to cause a denial of service (daemon hang and GUI outage) via a flood of malformed TCP packets, aka Bug ID CSCur44177.

5CVSS6.8AI score0.00853EPSS
CVE
CVE
added 2013/05/01 12:0 p.m.35 views

CVE-2013-1230

Cisco Unified Communications Domain Manager allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed UDP packets, aka Bug ID CSCug47057.

5CVSS6.8AI score0.00474EPSS
CVE
CVE
added 2014/06/03 4:44 a.m.35 views

CVE-2014-3280

The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecified Administration GUI web page, aka Bug IDs...

4CVSS6.1AI score0.00391EPSS
CVE
CVE
added 2015/01/15 10:59 p.m.35 views

CVE-2015-0588

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055.

6.8CVSS7.4AI score0.00172EPSS
CVE
CVE
added 2015/12/14 3:59 a.m.35 views

CVE-2015-6422

The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed requests, aka Bug ID CSCuu10981.

4CVSS6.4AI score0.00455EPSS
CVE
CVE
added 2014/12/10 9:59 p.m.34 views

CVE-2014-8010

The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via crafted values, aka Bug ID CSCuq50205.

6.5CVSS7.4AI score0.0036EPSS
CVE
CVE
added 2015/04/03 10:59 a.m.34 views

CVE-2015-0683

Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744.

4CVSS5.9AI score0.00176EPSS
CVE
CVE
added 2013/04/29 12:20 p.m.33 views

CVE-2013-1227

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCug37902.

4.3CVSS5.9AI score0.00263EPSS
CVE
CVE
added 2015/10/30 10:59 a.m.33 views

CVE-2015-6352

Cisco Unified Communications Domain Manager before 10.6(1) provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote attackers to map a filesystem via a series of requests, aka Bug ID CSCut67891.

4.3CVSS6.9AI score0.00283EPSS
CVE
CVE
added 2014/05/29 5:55 p.m.32 views

CVE-2014-3277

The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive user and group information by leveraging Location Administrator privil...

4CVSS6AI score0.0036EPSS
CVE
CVE
added 2014/06/08 4:55 p.m.32 views

CVE-2014-3281

The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to obtain potentially sensitive user information by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun46071 and CSCun46101.

5CVSS6.5AI score0.0026EPSS