Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Unity_connection
(Cisco)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 58 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-05-03 | CVE-2017-6629 | A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. Cisco Bug IDs: CSCvd90118. | Unity_connection | 5.3 | ||
| 2016-04-12 | CVE-2016-1377 | Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776. | Unity_connection | 6.1 | ||
| 2016-02-09 | CVE-2016-1319 | Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958. | Unified_communications_manager, Unified_communications_manager_im_and_presence_service, Unified_contact_center_express, Unity_connection | 5.3 | ||
| 2016-02-06 | CVE-2016-1310 | Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 11.5(0.199) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy09033. | Unity_connection | 6.1 | ||
| 2016-01-30 | CVE-2016-1304 | Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596. | Unity_connection | 6.1 | ||
| 2016-01-27 | CVE-2016-1300 | Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582. | Unity_connection | 6.1 | ||
| 2015-12-12 | CVE-2015-6408 | Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578. | Unity_connection | N/A | ||
| 2015-12-03 | CVE-2015-6390 | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unity Connection 9.1(1.10) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCup92741. | Unity_connection | N/A | ||
| 2015-09-20 | CVE-2015-6299 | SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug ID CSCuv63824. | Unity_connection | N/A | ||
| 2015-05-06 | CVE-2015-0716 | Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659. | Unity_connection | N/A |