Total
230 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-6433 | 1 Cisco | 1 Unified Communications Manager | 2016-12-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767. | |||||
| CVE-2015-6425 | 1 Cisco | 1 Unified Communications Manager | 2016-12-07 | 5.0 MEDIUM | N/A |
| The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786. | |||||
| CVE-2015-4206 | 1 Cisco | 1 Unified Communications Manager | 2016-12-07 | 4.3 MEDIUM | N/A |
| Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266. | |||||
| CVE-2013-3462 | 1 Cisco | 1 Unified Communications Manager | 2016-11-07 | 8.5 HIGH | N/A |
| Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Bug ID CSCud54358. | |||||
| CVE-2013-3461 | 1 Cisco | 1 Unified Communications Manager | 2016-11-07 | 7.1 HIGH | N/A |
| Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869. | |||||
| CVE-2013-3460 | 1 Cisco | 1 Unified Communications Manager | 2016-11-07 | 7.8 HIGH | N/A |
| Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka Bug ID CSCub85597. | |||||
| CVE-2013-3472 | 1 Cisco | 1 Unified Communications Manager | 2016-11-04 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications, aka Bug ID CSCui58210. | |||||
| CVE-2014-0731 | 1 Cisco | 1 Unified Communications Manager | 2016-09-09 | 5.0 MEDIUM | N/A |
| The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497. | |||||
| CVE-2014-3292 | 1 Cisco | 1 Unified Communications Manager | 2016-09-08 | 5.5 MEDIUM | N/A |
| The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL, aka Bug IDs CSCuo17302 and CSCuo17199. | |||||
| CVE-2014-3287 | 1 Cisco | 1 Unified Communications Manager | 2016-09-07 | 4.0 MEDIUM | N/A |
| SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL, aka Bug ID CSCuo17337. | |||||
| CVE-2014-0735 | 1 Cisco | 1 Unified Communications Manager | 2015-09-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470. | |||||
| CVE-2014-0734 | 1 Cisco | 1 Unified Communications Manager | 2015-09-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483. | |||||
| CVE-2014-0727 | 1 Cisco | 1 Unified Communications Manager | 2015-09-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318. | |||||
| CVE-2014-0726 | 1 Cisco | 1 Unified Communications Manager | 2015-09-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326. | |||||
| CVE-2014-0723 | 1 Cisco | 1 Unified Communications Manager | 2015-09-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343. | |||||
| CVE-2015-4295 | 1 Cisco | 1 Unified Communications Manager | 2015-08-21 | 4.0 MEDIUM | N/A |
| The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819. | |||||
| CVE-2014-0736 | 1 Cisco | 1 Unified Communications Manager | 2015-08-13 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468. | |||||
| CVE-2014-0729 | 1 Cisco | 1 Unified Communications Manager | 2015-08-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302. | |||||
| CVE-2014-0728 | 1 Cisco | 1 Unified Communications Manager | 2015-08-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313. | |||||
| CVE-2014-0747 | 1 Cisco | 1 Unified Communications Manager | 2015-08-01 | 6.8 MEDIUM | N/A |
| The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493. | |||||