Filtered by vendor Cisco
Subscribe
Filtered by product Unified Communications Domain Manager
Subscribe
Total
42 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-8010 | 1 Cisco | 1 Unified Communications Domain Manager | 2017-01-02 | 6.5 MEDIUM | N/A |
The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via crafted values, aka Bug ID CSCuq50205. | |||||
CVE-2015-4196 | 1 Cisco | 1 Unified Communications Domain Manager | 2016-12-28 | 5.0 MEDIUM | N/A |
Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by leveraging knowledge of this password and entering it in an SSH session, aka Bug ID CSCuq45546. | |||||
CVE-2015-6422 | 1 Cisco | 1 Unified Communications Domain Manager | 2016-12-07 | 4.0 MEDIUM | N/A |
The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed requests, aka Bug ID CSCuu10981. | |||||
CVE-2015-6352 | 1 Cisco | 2 Hosted Collaboration Solution, Unified Communications Domain Manager | 2016-12-07 | 4.3 MEDIUM | N/A |
Cisco Unified Communications Domain Manager before 10.6(1) provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote attackers to map a filesystem via a series of requests, aka Bug ID CSCut67891. | |||||
CVE-2016-1314 | 1 Cisco | 1 Unified Communications Domain Manager | 2016-12-02 | 3.5 LOW | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (CDM) 8.1(1) allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux80760. | |||||
CVE-2014-3283 | 1 Cisco | 1 Unified Communications Domain Manager | 2016-09-07 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCun79731. | |||||
CVE-2014-3282 | 1 Cisco | 1 Unified Communications Domain Manager | 2016-09-07 | 4.0 MEDIUM | N/A |
The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive number-translation information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum76930. | |||||
CVE-2014-3280 | 1 Cisco | 1 Unified Communications Domain Manager | 2016-09-07 | 4.0 MEDIUM | N/A |
The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecified Administration GUI web page, aka Bug IDs CSCun46045 and CSCun46116. | |||||
CVE-2014-3277 | 1 Cisco | 1 Unified Communications Domain Manager | 2016-09-07 | 4.0 MEDIUM | N/A |
The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive user and group information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum77005. | |||||
CVE-2016-1354 | 1 Cisco | 1 Unified Communications Domain Manager | 2016-03-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCud41176. | |||||
CVE-2014-3281 | 1 Cisco | 1 Unified Communications Domain Manager | 2015-12-04 | 5.0 MEDIUM | N/A |
The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to obtain potentially sensitive user information by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun46071 and CSCun46101. | |||||
CVE-2014-3279 | 1 Cisco | 1 Unified Communications Domain Manager | 2015-12-04 | 5.0 MEDIUM | N/A |
The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and CSCun39643. | |||||
CVE-2014-3278 | 1 Cisco | 1 Unified Communications Domain Manager | 2015-12-04 | 5.0 MEDIUM | N/A |
The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to enumerate accounts by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun39619 and CSCun45572. | |||||
CVE-2015-0682 | 1 Cisco | 1 Unified Communications Domain Manager | 2015-10-27 | 6.5 MEDIUM | N/A |
Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168. | |||||
CVE-2015-0683 | 1 Cisco | 1 Unified Communications Domain Manager | 2015-09-29 | 4.0 MEDIUM | N/A |
Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744. | |||||
CVE-2015-0684 | 1 Cisco | 1 Unified Communications Domain Manager | 2015-09-29 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515. | |||||
CVE-2014-2104 | 1 Cisco | 1 Unified Communications Domain Manager | 2015-09-16 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCum78536, CSCum78526, CSCum69809, and CSCum63113. | |||||
CVE-2013-5517 | 1 Cisco | 1 Unified Communications Domain Manager | 2013-10-17 | 5.5 MEDIUM | N/A |
SQL injection vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh96567. | |||||
CVE-2013-3418 | 1 Cisco | 1 Unified Communications Domain Manager | 2013-07-25 | 6.8 MEDIUM | N/A |
Cisco Unified Communications Domain Manager does not properly allocate memory for GET and POST requests, which allows remote authenticated users to cause a denial of service (memory consumption and process crash) via crafted requests to the management interface, aka Bug ID CSCud22922. | |||||
CVE-2013-1132 | 1 Cisco | 1 Unified Communications Domain Manager | 2013-07-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Communications Domain Manager allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) IptAccountMgmt, (2) IptFeatureConfigTemplateMgmt, (3) IptFeatureDisplayPolicyMgmt, or (4) IptProviderMgmt page, aka Bug IDs CSCud69972, CSCud70193, and CSCud70261. |