Total
227 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-2184 | 1 Cisco | 1 Unified Communications Manager | 2014-04-29 | 5.0 MEDIUM | N/A |
The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352. | |||||
CVE-2014-2185 | 1 Cisco | 1 Unified Communications Manager | 2014-04-29 | 4.0 MEDIUM | N/A |
The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374. | |||||
CVE-2011-3315 | 1 Cisco | 4 Unified Ccx, Unified Communications Manager, Unified Ip Interactive Voice Response and 1 more | 2014-02-27 | 7.8 HIGH | N/A |
Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049. | |||||
CVE-2014-0732 | 1 Cisco | 1 Unified Communications Manager | 2014-02-20 | 5.0 MEDIUM | N/A |
The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495. | |||||
CVE-2014-0733 | 1 Cisco | 1 Unified Communications Manager | 2014-02-20 | 5.0 MEDIUM | N/A |
The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494. | |||||
CVE-2014-0724 | 1 Cisco | 1 Unified Communications Manager | 2014-02-13 | 4.0 MEDIUM | N/A |
The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340. | |||||
CVE-2014-0725 | 1 Cisco | 1 Unified Communications Manager | 2014-02-13 | 5.0 MEDIUM | N/A |
Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337. | |||||
CVE-2014-0722 | 1 Cisco | 1 Unified Communications Manager | 2014-02-13 | 5.0 MEDIUM | N/A |
The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347. | |||||
CVE-2013-5555 | 1 Cisco | 1 Unified Communications Manager | 2013-11-21 | 4.3 MEDIUM | N/A |
Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349. | |||||
CVE-2013-6688 | 1 Cisco | 1 Unified Communications Manager | 2013-11-19 | 6.3 MEDIUM | N/A |
Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222. | |||||
CVE-2013-6689 | 1 Cisco | 1 Unified Communications Manager | 2013-11-19 | 6.9 MEDIUM | N/A |
Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229. | |||||
CVE-2013-3397 | 1 Cisco | 1 Unified Communications Manager | 2013-10-11 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified Serviceability actions, aka Bug ID CSCuh10298. | |||||
CVE-2013-3459 | 1 Cisco | 1 Unified Communications Manager | 2013-09-10 | 7.8 HIGH | N/A |
Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466. | |||||
CVE-2013-3453 | 1 Cisco | 2 Unified Communications Manager, Unified Presence | 2013-08-29 | 7.8 HIGH | N/A |
Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID CSCud84959. | |||||
CVE-2013-3402 | 1 Cisco | 1 Unified Communications Manager | 2013-08-19 | 6.5 MEDIUM | N/A |
An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440. | |||||
CVE-2013-3412 | 1 Cisco | 1 Unified Communications Manager | 2013-08-19 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766. | |||||
CVE-2013-3404 | 1 Cisco | 1 Unified Communications Manager | 2013-08-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051. | |||||
CVE-2013-3403 | 1 Cisco | 1 Unified Communications Manager | 2013-08-19 | 6.8 MEDIUM | N/A |
Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454. | |||||
CVE-2013-3451 | 1 Cisco | 1 Unified Communications Manager | 2013-08-05 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug ID CSCui13033. | |||||
CVE-2013-3442 | 1 Cisco | 1 Unified Communications Manager | 2013-08-05 | 4.0 MEDIUM | N/A |
The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854. |