Cisco Unified Communications Manager

37 matches found

added 2018/02/08 7:29 a.m. | 101 views

CVE-2018-0120

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. The vulnerability exists because the affected software fails to validate user-supplied input in certain SQL queri...

CVSS 4.3 | AI score 5.3 | EPSS 0.00207

added 2021/04/08 4:15 a.m. | 77 views

CVE-2021-1406

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusi...

CVSS 4.9 | AI score 4.8 | EPSS 0.00282

added 2021/04/08 4:15 a.m. | 72 views

CVE-2021-1399

A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to modify data on an affected system without proper authorization. The vuln...

CVSS 4.3 | AI score 4.4 | EPSS 0.00072

added 2014/07/10 11:6 a.m. | 58 views

CVE-2014-3316

The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.

CVSS 4 | AI score 6.3 | EPSS 0.00511

added 2022/07/06 9:15 p.m. | 56 views

CVE-2022-20862

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of...

CVSS 4.3 | AI score 4.6 | EPSS 0.00169

added 2017/08/17 8:29 p.m. | 51 views

CVE-2017-6785

A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration. The vulnerability is due to lack of proper...

CVSS 4.3 | AI score 4.9 | EPSS 0.00171

added 2018/02/08 7:29 a.m. | 51 views

CVE-2018-0135

A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software improperly validates user-supplied search input. An attacker could exploit this vulnera...

CVSS 4.3 | AI score 4.5 | EPSS 0.00208

added 2013/10/11 3:54 a.m. | 50 views

CVE-2013-5528

Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815.

CVSS 4 | AI score 6.4 | EPSS 0.61502

added 2014/02/13 5:24 a.m. | 48 views

CVE-2014-0723

Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343.

CVSS 4.3 | AI score 5.8 | EPSS 0.00285

added 2015/12/15 5:59 a.m. | 48 views

CVE-2015-4206

Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266.

CVSS 4.3 | AI score 6 | EPSS 0.00908

added 2017/04/07 5:59 p.m. | 47 views

CVE-2017-3886

A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The attacker must be authenticated as an administrative user to execute SQL data...

CVSS 4.9 | AI score 5.6 | EPSS 0.00204

added 2017/02/22 2:59 a.m. | 46 views

CVE-2017-3836

A vulnerability in the web framework Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. More Information: CSCvb61689. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.162) 12.0(0.98000.178) 12.0(0.98000.383) 12.0(...

CVSS 4.3 | AI score 4.6 | EPSS 0.00283

added 2007/08/31 11:17 p.m. | 45 views

CVE-2007-4633

Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) u...

CVSS 4.3 | AI score 5.8 | EPSS 0.00516

added 2014/08/11 8:55 p.m. | 45 views

CVE-2014-3332

Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029.

CVSS 4 | AI score 6.5 | EPSS 0.00353

added 2015/07/14 2:59 p.m. | 45 views

CVE-2015-4272

Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCut19580.

CVSS 4.3 | AI score 5.8 | EPSS 0.00263

added 2015/08/01 1:59 a.m. | 44 views

CVE-2015-4295

The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819.

CVSS 4 | AI score 6.5 | EPSS 0.00176

added 2018/04/19 8:29 p.m. | 43 views

CVE-2018-0266

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing ...

CVSS 4.3 | AI score 4.5 | EPSS 0.00157

added 2014/10/31 10:55 a.m. | 42 views

CVE-2014-3372

Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589.

CVSS 4.3 | AI score 5.9 | EPSS 0.00442

added 2019/10/02 7:15 p.m. | 42 views

CVE-2019-12710

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an authenticated, remote attacker to impact the confidentiality of an affected system by executing arbitrary SQL queries. The vuln...

CVSS 4.9 | AI score 5.3 | EPSS 0.00226

added 2021/11/04 4:15 p.m. | 42 views

CVE-2021-34701

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection coul...

CVSS 4.3 | AI score 4.4 | EPSS 0.0009

added 2013/05/04 3:24 a.m. | 41 views

CVE-2013-1240

The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770.

CVSS 4.6 | AI score 6.5 | EPSS 0.00061

added 2014/02/20 5:18 a.m. | 40 views

CVE-2014-0735

Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470.

CVSS 4.3 | AI score 5.8 | EPSS 0.00277

added 2014/10/31 10:55 a.m. | 40 views

CVE-2014-3374

Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582.

CVSS 4.3 | AI score 5.9 | EPSS 0.00499

added 2015/07/14 2:59 p.m. | 40 views

CVE-2015-4269

The Tomcat throttling feature in Cisco Unified Communications Manager 10.5(1.99995.9) allows remote authenticated users to cause a denial of service (management outage) by sending many requests, aka Bug ID CSCuu99709.

CVSS 4 | AI score 6.4 | EPSS 0.00388

added 2009/01/22 6:30 p.m. | 39 views

CVE-2009-0057

The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager 5.x before 5.1(3e) and 6.x before 6.1(3) allows remote attackers to cause a denial of service (voice service outage) by sending malformed input over a TCP session in which the "client terminates prematur...

CVSS 4.3 | AI score 6.7 | EPSS 0.00529

added 2014/07/10 11:6 a.m. | 39 views

CVE-2014-3318

Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318.

CVSS 4 | AI score 6.3 | EPSS 0.00684

added 2014/01/08 9:55 p.m. | 38 views

CVE-2014-0657

The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540.

CVSS 4 | AI score 6.5 | EPSS 0.00445

added 2014/02/13 5:24 a.m. | 38 views

CVE-2014-0724

The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340.

CVSS 4 | AI score 7.3 | EPSS 0.00282

added 2013/11/01 2:55 a.m. | 37 views

CVE-2013-5555

Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349.

CVSS 4.3 | AI score 6.8 | EPSS 0.00443

added 2014/04/29 10:37 a.m. | 37 views

CVE-2014-2185

The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374.

CVSS 4 | AI score 5.8 | EPSS 0.00176

added 2014/10/31 10:55 a.m. | 36 views

CVE-2014-3373

Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCup92550.

CVSS 4.3 | AI score 5.9 | EPSS 0.00499

added 2014/11/14 12:59 a.m. | 36 views

CVE-2014-7991

The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a l...

CVSS 4.3 | AI score 6.6 | EPSS 0.00292

added 2013/08/05 1:22 p.m. | 34 views

CVE-2013-3442

The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854.

CVSS 4 | AI score 5.9 | EPSS 0.00162

added 2014/06/10 11:19 a.m. | 34 views

CVE-2014-3287

SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL, aka Bug ID CSCuo17337.

CVSS 4 | AI score 8.2 | EPSS 0.00242

added 2014/10/31 10:55 a.m. | 33 views

CVE-2014-3375

Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597.

CVSS 4.3 | AI score 5.9 | EPSS 0.00532

added 2014/07/10 11:6 a.m. | 32 views

CVE-2014-3315

Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308.

CVSS 4.3 | AI score 5.9 | EPSS 0.00357

added 2013/12/21 2:22 p.m. | 30 views

CVE-2013-6978

The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249.

CVSS 4 | AI score 5.8 | EPSS 0.00501