Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Unified_communications_manager
(Cisco)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 234 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2016-01-08 | CVE-2015-6433 | SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767. | Unified_communications_manager | 6.5 | ||
2015-12-16 | CVE-2015-6425 | The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786. | Unified_communications_manager | N/A | ||
2015-07-31 | CVE-2015-4295 | The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819. | Unified_communications_manager | N/A | ||
2015-07-14 | CVE-2015-4272 | Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCut19580. | Unified_communications_manager | N/A | ||
2015-07-14 | CVE-2015-4269 | The Tomcat throttling feature in Cisco Unified Communications Manager 10.5(1.99995.9) allows remote authenticated users to cause a denial of service (management outage) by sending many requests, aka Bug ID CSCuu99709. | Unified_communications_manager | N/A | ||
2015-12-15 | CVE-2015-4206 | Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266. | Unified_communications_manager | N/A | ||
2015-05-29 | CVE-2015-0751 | Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800. | Unified_communications_manager | N/A | ||
2015-05-16 | CVE-2015-0717 | Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546. | Unified_communications_manager | N/A | ||
2015-01-22 | CVE-2014-8008 | Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414. | Unified_communications_manager | N/A | ||
2014-11-13 | CVE-2014-7991 | The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376. | Unified_communications_manager | N/A |