Vulnerabilities (CVE)

Filtered by vendor Cisco Subscribe
Filtered by product Unified Communications Manager
Total 231 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-0729 1 Cisco 1 Unified Communications Manager 2024-02-28 7.5 HIGH N/A
SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302.
CVE-2014-2184 1 Cisco 1 Unified Communications Manager 2024-02-28 5.0 MEDIUM N/A
The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352.
CVE-2014-3292 1 Cisco 1 Unified Communications Manager 2024-02-28 5.5 MEDIUM N/A
The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL, aka Bug IDs CSCuo17302 and CSCuo17199.
CVE-2014-0741 1 Cisco 1 Unified Communications Manager 2024-02-28 6.2 MEDIUM N/A
The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461.
CVE-2014-0735 1 Cisco 1 Unified Communications Manager 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470.
CVE-2014-3338 1 Cisco 1 Unified Communications Manager 2024-02-28 8.5 HIGH N/A
The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via crafted token data, aka Bug ID CSCum95491.
CVE-2014-3366 1 Cisco 1 Unified Communications Manager 2024-02-28 6.5 MEDIUM N/A
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.
CVE-2014-0686 1 Cisco 1 Unified Communications Manager 2024-02-28 6.0 MEDIUM N/A
Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908.
CVE-2014-3373 1 Cisco 1 Unified Communications Manager 2024-02-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCup92550.
CVE-2014-0722 1 Cisco 1 Unified Communications Manager 2024-02-28 5.0 MEDIUM N/A
The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347.
CVE-2014-3372 1 Cisco 1 Unified Communications Manager 2024-02-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589.
CVE-2014-0747 1 Cisco 1 Unified Communications Manager 2024-02-28 6.8 MEDIUM N/A
The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493.
CVE-2014-3316 1 Cisco 1 Unified Communications Manager 2024-02-28 4.0 MEDIUM N/A
The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.
CVE-2014-3287 1 Cisco 1 Unified Communications Manager 2024-02-28 4.0 MEDIUM N/A
SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL, aka Bug ID CSCuo17337.
CVE-2014-0724 1 Cisco 1 Unified Communications Manager 2024-02-28 4.0 MEDIUM N/A
The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340.
CVE-2014-0727 1 Cisco 1 Unified Communications Manager 2024-02-28 7.5 HIGH N/A
SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318.
CVE-2014-3319 1 Cisco 1 Unified Communications Manager 2024-02-28 6.8 MEDIUM N/A
Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676.
CVE-2014-3315 1 Cisco 1 Unified Communications Manager 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308.
CVE-2014-0731 1 Cisco 1 Unified Communications Manager 2024-02-28 5.0 MEDIUM N/A
The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497.
CVE-2014-3317 1 Cisco 1 Unified Communications Manager 2024-02-28 5.5 MEDIUM N/A
Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314.