Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Unity_connection
(Cisco)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 58 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-11-04 | CVE-2021-34701 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device. This vulnerability exists because the web-based management interface does not properly validate... | Unified_communications_manager, Unified_communications_manager_im_and_presence_service, Unity_connection | 4.3 | ||
| 2022-04-21 | CVE-2022-20788 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by... | Unified_communications_manager, Unity_connection | 6.1 | ||
| 2022-07-06 | CVE-2022-20752 | A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the attacker to... | Unified_communications_manager, Unity_connection | 5.3 | ||
| 2022-07-06 | CVE-2022-20800 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management... | Unified_communications_manager, Unified_communications_manager_im_and_presence_service, Unity_connection | 6.1 | ||
| 2022-07-06 | CVE-2022-20859 | A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by... | Unified_communications_manager, Unified_communications_manager_im_and_presence_service, Unity_connection | 8.8 | ||
| 2016-04-21 | CVE-2015-6360 | The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. | Adaptive_security_appliance_software, Dx_series_ip_phones_firmware, Ios_xe, Ip_phone_7800_series_firmware, Ip_phone_8800_series_firmware, Jabber_software_development_kit, Libsrtp, Unified_communications_manager, Unified_ip_phone_6900_series_firmware, Unified_ip_phone_7900_series_firmware, Unified_ip_phone_8900_series_firmware, Unified_wireless_ip_phone_7920_firmware, Unity_connection, Webex_meeting_center | 7.5 | ||
| 2019-02-21 | CVE-2019-1685 | A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A... | Unity_connection | 6.1 | ||
| 2019-10-02 | CVE-2019-1915 | A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could... | Unified_communications_manager, Unified_communications_manager_im_and_presence_service, Unity_connection | 6.5 | ||
| 2020-09-23 | CVE-2020-3130 | A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web management interface. A successful exploit could allow the attacker to overwrite files on the underlying filesystem of an affected system. Valid administrator credentials are... | Unity_connection | 6.5 | ||
| 2020-07-02 | CVE-2020-3282 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of... | Unified_communications_manager, Unified_communications_manager_im_and_presence_service, Unity_connection | N/A |