CVE-2021-1409

CWE-89 — SQL Injection CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

6.1MEDIUM

EPSS

0.3%

top 42.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Manager Cisco Unified Communications Manager IM \& Presence Service Cisco Unity Connection +1 more

Timeline

PublishedApr 8

Latest updateMay 24

Description

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface doe…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶NVDcisco/unified_communications_manager_im_\&_presence_service< 14

▶NVDcisco/unified_communications_manager< 14

▶NVDcisco/unity_connection< 14.0

▶CVEListV5cisco/cisco_unity_connectionn/a

🔴Vulnerability Details

GHSA

GHSA-3gj4-c93j-g529: Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Mana↗2022-05-24

▶

CVEList

Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities↗2021-04-08

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities↗2021-04-07

▶