Cisco Unified Communications Manager vulnerabilities
52 known vulnerabilities affecting cisco/cisco_unified_communications_manager.
Total CVEs: 52
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL 3, HIGH 15, MEDIUM 34
Vulnerabilities
Page 3 of 3
CVE-2020-3177 | HIGH | CVSS 7.5 | vn/a | 2020-04-15 | CWE-22
A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of u
nvd
CVE-2015-0749 | MEDIUM | CVSS 6.1 | ≥ next of 11.5(0.98000.108), < unspecified | 2020-02-19 | CWE-79
A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerability is due to improper input validation of certain parameters passed to the affected software. An attacker could exploit this vulnerability by convincing a user
nvd
CVE-2019-15972 | HIGH | CVSS 8.8 | ≥ unspecified, < n/a | 2019-11-26 | CWE-89
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. An attacker could exploit this vulnerability by authentica
nvd
CVE-2019-12710 | MEDIUM | CVSS 4.9 | ≥ unspecified, < n/a | 2019-10-02 | CWE-89
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an authenticated, remote attacker to impact the confidentiality of an affected system by executing arbitrary SQL queries. The vulnerability exists because the affected software improp
nvd
CVE-2019-1915 | MEDIUM | CVSS 6.5 | ≥ unspecified, < n/a | 2019-10-02 | CWE-352
A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CS
nvd
CVE-2019-15272 | MEDIUM | CVSS 6.5 | ≥ unspecified, < n/a | 2019-10-02 | CWE-264
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerabi
nvd
CVE-2019-12715 | MEDIUM | CVSS 6.1 | ≥ unspecified, < n/a | 2019-10-02 | CWE-79
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insu
nvd
CVE-2019-12711 | MEDIUM | CVSS 6.5 | ≥ unspecified, < n/a | 2019-10-02 | CWE-611
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to improper restrictions on XML entities. A
nvd
CVE-2019-12716 | MEDIUM | CVSS 6.1 | ≥ unspecified, < n/a | 2019-10-02 | CWE-79
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of us
nvd
CVE-2019-1887 | HIGH | CVSS 7.5 | ≥ unspecified, < 12.0(1)SU3 | 2019-07-06 | CWE-787
A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of input SIP traffic. An attacker could exploit this vulnerability by sending a malforme
nvd
CVE-2019-1837 | HIGH | CVSS 7.5 | v10.5, v11.5 +2 more | 2019-04-18 | CWE-129
A vulnerability in the User Data Services (UDS) API of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the management GUI. The vulnerability is due to improper validation of input parameters in the UDS API requests. An attacker could exploit this vulnerabil
nvd
CVE-2018-0474 | HIGH | CVSS 8.8 | vn/a | 2019-01-10 | CWE-200
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text. The vulnerability is due to the incorrect inclusion of saved passwords in configuration pages. An attacker could exploit this vulnerability by logging in to the Cisco Unified
nvd