Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Unified_communications_manager_im_and_presence_service
(Cisco)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 35 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-10-02 | CVE-2019-12707 | A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A... | Unified_communications_manager, Unified_communications_manager_im_and_presence_service, Unity_connection | N/A | ||
| 2019-06-05 | CVE-2019-1845 | A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, Cisco TelePresence Video Communication Server (VCS), and Cisco Expressway Series could allow an unauthenticated, remote attacker to cause a service outage for users attempting to authenticate, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient controls for specific memory operations. An attacker could exploit this... | Telepresence_video_communication_server, Unified_communications_manager_im_and_presence_service | 8.6 | ||
| 2016-12-13 | CVE-2016-6464 | A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted. More Information: CSCva49629. Known Affected Releases: 11.5(1). Known Fixed Releases: 11.5(1.12000.2) 12.0(0.98000.181). | Unified_communications_manager_im_and_presence_service | 7.5 | ||
| 2016-08-07 | CVE-2016-1466 | Cisco Unified Communications Manager IM and Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) SU2a, 11.0(1) SU1, and 11.5(1) allows remote attackers to cause a denial of service (sipd process restart) via crafted headers in a SIP packet, aka Bug ID CSCva39072. | Unified_communications_manager_im_and_presence_service | 7.5 | ||
| 2016-02-09 | CVE-2016-1319 | Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958. | Unified_communications_manager, Unified_communications_manager_im_and_presence_service, Unified_contact_center_express, Unity_connection | 5.3 | ||
| 2015-10-08 | CVE-2015-6310 | The REST interface in Cisco Unified Communications Manager IM and Presence Service 11.5(1) allows remote attackers to cause a denial of service (SIP proxy service restart) via a crafted HTTP request, aka Bug ID CSCuw31632. | Unified_communications_manager_im_and_presence_service | N/A | ||
| 2015-07-31 | CVE-2015-4294 | Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages incomplete filtering of HTML elements, aka Bug ID CSCut41766. | Unified_communications_manager_im_and_presence_service | N/A | ||
| 2015-06-26 | CVE-2015-4222 | SQL injection vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.1(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq46325. | Unified_communications_manager_im_and_presence_service | N/A | ||
| 2015-06-26 | CVE-2015-4221 | Cisco Unified Communications Manager IM and Presence Service 9.1(1) does not properly restrict access to encrypted passwords, which allows remote attackers to determine cleartext passwords, and consequently execute arbitrary commands, by visiting an unspecified web page and then conducting a decryption attack, aka Bug ID CSCuq46194. | Unified_communications_manager_im_and_presence_service | N/A | ||
| 2014-11-21 | CVE-2014-8000 | Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497. | Unified_communications_manager_im_and_presence_service | N/A |