Cisco

Unified Communications Manager

204 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.28%
  • Published 13.02.2014 05:24:51
  • Last modified 11.04.2025 00:51:21

Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337.

  • EPSS 0.4%
  • Published 13.02.2014 05:24:51
  • Last modified 11.04.2025 00:51:21

SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326.

  • EPSS 0.4%
  • Published 13.02.2014 05:24:51
  • Last modified 11.04.2025 00:51:21

SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318.

  • EPSS 0.48%
  • Published 13.02.2014 05:24:51
  • Last modified 11.04.2025 00:51:21

SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313.

  • EPSS 0.41%
  • Published 13.02.2014 05:24:51
  • Last modified 11.04.2025 00:51:21

SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302.

  • EPSS 0.07%
  • Published 04.02.2014 05:39:08
  • Last modified 11.04.2025 00:51:21

Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908.

  • EPSS 0.45%
  • Published 08.01.2014 21:55:06
  • Last modified 11.04.2025 00:51:21

The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidd...

  • EPSS 0.5%
  • Published 21.12.2013 14:22:57
  • Last modified 11.04.2025 00:51:21

The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID...

Exploit
  • EPSS 13.18%
  • Published 12.12.2013 17:55:03
  • Last modified 11.04.2025 00:51:21

The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDe...

  • EPSS 0.39%
  • Published 18.11.2013 03:55:06
  • Last modified 11.04.2025 00:51:21

Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted p...