8 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2024-20272
CVE-2024-20272 affects Cisco Unity Connection. An unauthenticated attacker can exploit a lack of authentication in a specific API and improper validation to upload arbitrary files, potentially storing malicious files, executing commands on the underlying OS, and elevating privileges to root. Cisc...
CVE-2024-20253
CVE-2024-20253 affects Cisco Unified Communications Manager and related UC/Contact Center products. The root cause is improper processing of user-supplied data read into memory, enabling an unauthenticated, remote attacker to send a crafted message to a listening port and execute arbitrary comman...
CVE-2020-3129
CVE-2020-3129 describes a stored cross-site scripting (XSS) vulnerability in the web-based management interface of Cisco Unity Connection Software. The issue arises from insufficient input validation in the interface, allowing an authenticated, remote attacker to supply crafted data that can be s...
CVE-2021-1380
CVE-2021-1380 covers multiple Cisco products (CUCM, CUCM IM&P, CUCM SME, Unity Connection) with web-based management interface XSS vulnerabilities caused by improper input validation. An unauthenticated, remote attacker could lure a user to click a crafted link and trigger arbitrary script execut...
CVE-2021-1409
Summary: CVE-2021-1409 covers multiple cross-site scripting (XSS) flaws in Cisco Unified Communications Manager (CUCM), including the web-based management interfaces of CUCM, CUCM IM&P, CUCM SME, and Cisco Unity Connection. What’s affected: Web-based management interfaces in CUCM family prior to ...
CVE-2024-20305
Cisco Unity Connection's web-based management interface is affected by an XSS vulnerability due to improper input validation. An authenticated, remote attacker could lure a user into clicking a crafted link, enabling arbitrary script execution in the user’s browser context or access to sensitive ...
CVE-2021-34701
CVE-2021-34701 affects Cisco Unified Communications Manager (Unified CM), Unified CM Session Management Edition (SME), Unified CM IM&P, and Cisco Unity Connection. The issue arises from insufficient validation of user-supplied input in the web-based management interface, enabling authentica...