Unified_communications_manager - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Unified_communications_manager
(Cisco)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	236

Date	Id	Summary	Products	Score	Patch	Annotated
2015-01-22	CVE-2014-8008	Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414.	Unified_communications_manager	N/A
2014-11-13	CVE-2014-7991	The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376.	Unified_communications_manager	N/A
2014-10-31	CVE-2014-3375	Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597.	Unified_communications_manager	N/A
2014-10-31	CVE-2014-3374	Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582.	Unified_communications_manager	N/A
2014-10-31	CVE-2014-3373	Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCup92550.	Unified_communications_manager	N/A
2014-10-31	CVE-2014-3372	Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589.	Unified_communications_manager	N/A
2014-10-31	CVE-2014-3366	SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.	Unified_communications_manager	N/A
2014-09-11	CVE-2014-3363	Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443.	Unified_communications_manager	N/A
2014-08-12	CVE-2014-3338	The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via crafted token data, aka Bug ID CSCum95491.	Unified_communications_manager	N/A
2014-08-11	CVE-2014-3332	Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029.	Unified_communications_manager	N/A