Product:

Hosted_collaboration_mediation_fulfillment

(Cisco)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 8
Date Id Summary Products Score Patch Annotated
2020-05-06 CVE-2020-3256 A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. To exploit this vulnerability, an attacker would need administrative privileges on the Cisco HCM-F Software. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this... Hosted_collaboration_mediation_fulfillment 4.9
2020-09-23 CVE-2020-3124 A vulnerability in the web-based interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that... Hosted_collaboration_mediation_fulfillment 6.5
2021-05-06 CVE-2021-1478 A vulnerability in the Java Management Extensions (JMX) component of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an unsecured TCP/IP port. An attacker could exploit this vulnerability by accessing the port and restarting the JMX process. A successful exploit... Hosted_collaboration_mediation_fulfillment, Unified_communications_manager 6.5
2018-10-05 CVE-2018-15401 A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could... Hosted_collaboration_mediation_fulfillment 6.5
2018-06-07 CVE-2017-6779 Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could... Emergency_responder, Finesse, Hosted_collaboration_mediation_fulfillment, Mediasense, Prime_collaboration_assurance, Prime_collaboration_provisioning, Prime_license_manager, Socialminer, Unified_communications_manager, Unified_contact_center_express, Unified_intelligence_center, Unity_connection, Virtualized_voice_browser 7.5
2016-11-03 CVE-2016-6454 A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute unwanted actions. More Information: CSCva54241. Known Affected Releases: 11.5(1). Known Fixed Releases: 11.5(0.98000.216). Hosted_collaboration_mediation_fulfillment 6.5
2016-09-12 CVE-2016-6371 Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717. Hosted_collaboration_mediation_fulfillment 7.5
2016-09-12 CVE-2016-6370 Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote authenticated users to read arbitrary files via a crafted pathname in an HTTP request, aka Bug ID CSCuz27255. Hosted_collaboration_mediation_fulfillment 4.3