Filtered by vendor Cisco
Subscriptions
Filtered by product Unified Communications Manager
Subscriptions
Total
239 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3287 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL, aka Bug ID CSCuo17337. | ||||
| CVE-2014-8008 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414. | ||||
| CVE-2014-0740 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701. | ||||
| CVE-2014-2185 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374. | ||||
| CVE-2015-0717 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546. | ||||
| CVE-2014-7991 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376. | ||||
| CVE-2014-3318 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318. | ||||
| CVE-2015-0751 | 1 Cisco | 2 Ip Phone 7861, Unified Communications Manager | 2025-04-12 | N/A |
| Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800. | ||||
| CVE-2015-4269 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| The Tomcat throttling feature in Cisco Unified Communications Manager 10.5(1.99995.9) allows remote authenticated users to cause a denial of service (management outage) by sending many requests, aka Bug ID CSCuu99709. | ||||
| CVE-2015-6425 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786. | ||||
| CVE-2016-6440 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. More Information: CSCuz64683 CSCuz64698. Known Affected Releases: 11.0(1.10000.10), 11.5(1.10000.6), 11.5(0.99838.4). Known Fixed Releases: 11.0(1.22048.1), 11.5(0.98000.1070), 11.5(0.98000.284)11.5(0.98000.346), 11.5(0.98000.768), 11.5(1.10000.3), 11.5(1.10000.6), 11.5(2.10000.2). | ||||
| CVE-2013-3453 | 1 Cisco | 2 Unified Communications Manager, Unified Presence | 2025-04-11 | N/A |
| Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID CSCud84959. | ||||
| CVE-2013-3451 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug ID CSCui13033. | ||||
| CVE-2013-3450 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028. | ||||
| CVE-2013-3442 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | N/A |
| The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854. | ||||
| CVE-2013-4869 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | N/A |
| Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key, aka Bug IDs CSCsc69187 and CSCui01756. NOTE: the vendor has provided a statement that the "hard-coded static encryption key is considered a hardening issue rather than a vulnerability, and as such, has a CVSS score of 0/0." | ||||
| CVE-2013-3433 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | N/A |
| Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276. | ||||
| CVE-2013-3404 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | N/A |
| SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051. | ||||
| CVE-2013-3397 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified Serviceability actions, aka Bug ID CSCuh10298. | ||||
| CVE-2013-1240 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | N/A |
| The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770. | ||||