Unified Communications Manager@10.0 Security Vulnerabilities and Issues — Unified Communications Manager@10.0 CVE List

Lucene search

CiscoUnified Communications Manager10.0

15 matches found

CVE•added 2014/02/20 5:18 a.m.•56 views

CVE-2014-0734

SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483.

7.5CVSS8.6AI score0.00222EPSS

CVE•added 2014/02/27 1:55 a.m.•42 views

CVE-2014-0747

The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493.

6.8CVSS6.7AI score0.00049EPSS

CVE•added 2014/02/20 5:18 a.m.•40 views

CVE-2014-0735

Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470.

4.3CVSS5.8AI score0.00277EPSS

CVE•added 2014/02/22 9:55 p.m.•39 views

CVE-2014-0731

The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497.

5CVSS7AI score0.0022EPSS

CVE•added 2014/02/27 1:55 a.m.•39 views

CVE-2014-0743

The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468.

5CVSS6.9AI score0.00462EPSS

CVE•added 2014/02/13 5:24 a.m.•38 views

CVE-2014-0724

The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340.

4CVSS7.3AI score0.00282EPSS

CVE•added 2014/02/27 1:55 a.m.•38 views

CVE-2014-0742

The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464.

6.2CVSS6.5AI score0.00036EPSS

CVE•added 2014/11/14 12:59 a.m.•36 views

CVE-2014-7991

The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a l...

4.3CVSS6.6AI score0.00292EPSS

CVE•added 2014/02/13 5:24 a.m.•34 views

CVE-2014-0728

SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313.

7.5CVSS8.6AI score0.00482EPSS

CVE•added 2014/02/27 1:55 a.m.•34 views

CVE-2014-0741

The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461.

6.2CVSS6.4AI score0.00036EPSS

CVE•added 2014/02/13 5:24 a.m.•33 views

CVE-2014-0726

SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326.

7.5CVSS8.6AI score0.00397EPSS

CVE•added 2014/02/20 5:18 a.m.•33 views

CVE-2014-0732

The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495.

5CVSS6.9AI score0.00214EPSS

CVE•added 2014/02/20 3:27 p.m.•32 views

CVE-2014-0733

The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494.

5CVSS6.9AI score0.00301EPSS

CVE•added 2014/02/20 5:18 a.m.•30 views

CVE-2014-0736

Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka...

6.8CVSS7.4AI score0.00126EPSS

CVE•added 2014/02/27 1:55 a.m.•30 views

CVE-2014-0740

Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for re...

6.8CVSS7.4AI score0.00126EPSS