Cisco

Unified Communications Manager

204 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2015-4206

  • EPSS 0.91%
  • Published 15.12.2015 05:59:00
  • Last modified 12.04.2025 10:46:40

Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266.

6.8

CVE-2014-8008

  • EPSS 8.32%
  • Published 22.01.2015 14:01:14
  • Last modified 12.04.2025 10:46:40

Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414.

4.3

CVE-2014-7991

  • EPSS 0.29%
  • Published 14.11.2014 00:59:03
  • Last modified 12.04.2025 10:46:40

The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS cor...

6.5

CVE-2014-3366

  • EPSS 0.28%
  • Published 31.10.2014 10:55:02
  • Last modified 12.04.2025 10:46:40

SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.

4.3

CVE-2014-3372

  • EPSS 0.44%
  • Published 31.10.2014 10:55:02
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589.

4.3

CVE-2014-3373

  • EPSS 0.5%
  • Published 31.10.2014 10:55:02
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID...

4.3

CVE-2014-3374

  • EPSS 0.5%
  • Published 31.10.2014 10:55:02
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582.

4.3

CVE-2014-3375

  • EPSS 0.53%
  • Published 31.10.2014 10:55:02
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597.

4

CVE-2014-3332

  • EPSS 0.35%
  • Published 11.08.2014 20:55:07
  • Last modified 12.04.2025 10:46:40

Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029.

4

CVE-2014-3316

  • EPSS 0.51%
  • Published 10.07.2014 11:06:28
  • Last modified 12.04.2025 10:46:40

The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.