Unity Connection Security Vulnerabilities and Issues — Unity Connection CVE List

Lucene search

CiscoUnity Connection

10 matches found

CVE•added 2020/01/26 5:15 a.m.•131 views

CVE-2020-3129

A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker ...

4.8CVSS4.8AI score0.0026EPSS

CVE•added 2024/01/26 6:15 p.m.•57 views

CVE-2024-20305

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly valida...

4.8CVSS5AI score0.00078EPSS

CVE•added 2018/10/05 2:29 p.m.•53 views

CVE-2018-15426

A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-su...

4.8CVSS4.9AI score0.00176EPSS

CVE•added 2014/04/05 4:1 a.m.•47 views

CVE-2014-2145

Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitrary files via vectors related to unenforced access constraints for .wav files and the audio/x-wav MIME type, aka Bug ID CSCun91071.

4CVSS6.4AI score0.00324EPSS

CVE•added 2014/11/07 11:55 a.m.•43 views

CVE-2014-7988

The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and earlier allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCur06493.

4CVSS5.9AI score0.00306EPSS

CVE•added 2015/12/03 3:59 a.m.•43 views

CVE-2015-6390

Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unity Connection 9.1(1.10) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCup92741.

4.3CVSS5.8AI score0.00402EPSS

CVE•added 2021/11/04 4:15 p.m.•42 views

CVE-2021-34701

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection coul...

4.3CVSS4.4AI score0.0009EPSS

CVE•added 2013/10/19 10:36 a.m.•41 views

CVE-2013-5534

Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for a file that is not ...

4CVSS7AI score0.00264EPSS

CVE•added 2012/09/16 10:34 a.m.•36 views

CVE-2012-3096

Cisco Unity Connection (UC) 7.1, 8.0, and 8.5 allows remote authenticated users to cause a denial of service (resource consumption and administration outage) via extended use of the product, aka Bug ID CSCtd79132.

4CVSS6.5AI score0.00403EPSS

CVE•added 2014/04/02 3:58 a.m.•36 views

CVE-2014-2125

Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028.

4.3CVSS5.9AI score0.00322EPSS