Filtered by vendor Cisco
Subscriptions
Filtered by product Unified Communications Manager
Subscriptions
Total
231 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3372 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589. | ||||
| CVE-2014-3373 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCup92550. | ||||
| CVE-2014-7991 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376. | ||||
| CVE-2014-8008 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414. | ||||
| CVE-2015-0751 | 1 Cisco | 2 Ip Phone 7861, Unified Communications Manager | 2025-04-12 | N/A |
| Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800. | ||||
| CVE-2015-4206 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266. | ||||
| CVE-2014-3315 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308. | ||||
| CVE-2014-3319 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676. | ||||
| CVE-2016-6440 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. More Information: CSCuz64683 CSCuz64698. Known Affected Releases: 11.0(1.10000.10), 11.5(1.10000.6), 11.5(0.99838.4). Known Fixed Releases: 11.0(1.22048.1), 11.5(0.98000.1070), 11.5(0.98000.284)11.5(0.98000.346), 11.5(0.98000.768), 11.5(1.10000.3), 11.5(1.10000.6), 11.5(2.10000.2). | ||||
| CVE-2016-6472 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) attack against a user of the web interface on the affected system. More Information: CSCvb37121. Known Affected Releases: 11.5(1.2). Known Fixed Releases: 11.5(1.11950.96) 11.5(1.12900.2) 12.0(0.98000.133) 12.0(0.98000.313) 12.0(0.98000.404). | ||||
| CVE-2014-0747 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493. | ||||
| CVE-2014-0743 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468. | ||||
| CVE-2014-2184 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352. | ||||
| CVE-2014-0741 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461. | ||||
| CVE-2014-0740 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701. | ||||
| CVE-2014-0742 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464. | ||||
| CVE-2014-2185 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374. | ||||
| CVE-2014-3332 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029. | ||||
| CVE-2015-6360 | 2 Cisco, Redhat | 15 Adaptive Security Appliance Software, Dx Series Ip Phones Firmware, Ios Xe and 12 more | 2025-04-12 | N/A |
| The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. | ||||
| CVE-2013-6978 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | N/A |
| The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249. | ||||