Total
231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12258 | 1 Cisco | 1 Unified Communications Manager | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability exists because the affected software does not provide sufficient protections for HTML inline frames (iframes). An attacker could exploit this vulnerability by directing a user of the affected software to an attacker-controlled web page that contains a malicious HTML inline frame. A successful exploit could allow the attacker to conduct click-jacking or other types of client-side browser attacks. Cisco Bug IDs: CSCve60993. | |||||
| CVE-2015-4295 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 4.0 MEDIUM | N/A |
| The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819. | |||||
| CVE-2014-3319 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676. | |||||
| CVE-2016-9206 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvb64641. Known Affected Releases: 11.5(1.10000.6) 11.5(1.11007.2). Known Fixed Releases: 11.5(1.12900.7) 11.5(1.12900.8) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.468) 12.0(0.98000.536) 12.0(0.98500.6). | |||||
| CVE-2014-3315 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308. | |||||
| CVE-2015-6433 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767. | |||||
| CVE-2014-3316 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 4.0 MEDIUM | N/A |
| The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297. | |||||
| CVE-2016-9210 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. More Information: CSCvb61698. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.168) 12.0(0.98000.178) 12.0(0.98000.399) 12.0(0.98000.510) 12.0(0.98000.536) 12.0(0.98500.7). | |||||
| CVE-2014-3366 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089. | |||||
| CVE-2014-3372 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589. | |||||
| CVE-2015-4272 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCut19580. | |||||
| CVE-2014-3318 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318. | |||||
| CVE-2014-3338 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 8.5 HIGH | N/A |
| The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via crafted token data, aka Bug ID CSCum95491. | |||||
| CVE-2014-0742 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 6.2 MEDIUM | N/A |
| The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464. | |||||
| CVE-2014-3375 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597. | |||||
| CVE-2015-6425 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 5.0 MEDIUM | N/A |
| The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786. | |||||
| CVE-2014-2185 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 4.0 MEDIUM | N/A |
| The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374. | |||||
| CVE-2015-0751 | 1 Cisco | 2 Ip Phone 7861, Unified Communications Manager | 2025-04-12 | 7.8 HIGH | N/A |
| Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800. | |||||
| CVE-2014-3287 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 4.0 MEDIUM | N/A |
| SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL, aka Bug ID CSCuo17337. | |||||
| CVE-2014-8008 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 6.8 MEDIUM | N/A |
| Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414. | |||||