Total
231 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-0747 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 6.8 MEDIUM | N/A |
The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493. | |||||
CVE-2014-0743 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 5.0 MEDIUM | N/A |
The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468. | |||||
CVE-2014-0742 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 6.2 MEDIUM | N/A |
The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464. | |||||
CVE-2014-0741 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 6.2 MEDIUM | N/A |
The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461. | |||||
CVE-2014-0740 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701. | |||||
CVE-2014-0736 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468. | |||||
CVE-2014-0735 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470. | |||||
CVE-2014-0734 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483. | |||||
CVE-2014-0733 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 5.0 MEDIUM | N/A |
The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494. | |||||
CVE-2014-0732 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 5.0 MEDIUM | N/A |
The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495. | |||||
CVE-2014-0731 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 5.0 MEDIUM | N/A |
The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497. | |||||
CVE-2014-0729 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302. | |||||
CVE-2014-0728 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313. | |||||
CVE-2014-0727 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318. | |||||
CVE-2014-0726 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326. | |||||
CVE-2014-0725 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 5.0 MEDIUM | N/A |
Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337. | |||||
CVE-2014-0724 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 4.0 MEDIUM | N/A |
The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340. | |||||
CVE-2014-0723 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343. | |||||
CVE-2014-0722 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 5.0 MEDIUM | N/A |
The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347. | |||||
CVE-2014-0686 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 6.0 MEDIUM | N/A |
Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908. |