CVE-2018-0120

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. The vulnerability exists because the affected software fails to validate user-supplied input in certain SQL queri...

CVE-2018-0411

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due...

CVE-2018-0355

A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability is due to insufficient protections for HTML inli...

CVE-2018-0206

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due...

CVE-2018-0267

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web interf...

CVE-2018-0328

A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient ...

CVE-2017-6779

Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occu...

CVE-2018-0340

A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient ...

CVE-2018-0135

A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software improperly validates user-supplied search input. An attacker could exploit this vulnera...

CVE-2018-15403

A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability...

CVE-2018-0198

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. A ...

CVE-2018-0266

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing ...

CVE-2018-0105

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. An...

CVE-2018-0118

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insuff...