Cisco Unified Communications Manager vulnerabilities

CVE-2015-0749 [MEDIUM] CWE-79 CVE-2015-0749: A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attac A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker could exploit this vulnerability by convincing a user

CVE-2019-15972 [HIGH] CWE-89 CVE-2019-15972: A vulnerability in the web-based management interface of Cisco Unified Communications Manager could A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. An attacker could exploit this vulnerability by authentica

CVE-2019-12710 [MEDIUM] CWE-89 CVE-2019-12710: A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an authenticated, remote attacker to impact the confidentiality of an affected system by executing arbitrary SQL queries. The vulnerability exists because the affected software improp

CVE-2019-12716 [MEDIUM] CWE-79 CVE-2019-12716: A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of us

CVE-2019-1915 [MEDIUM] CWE-352 CVE-2019-1915: A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Co A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CS

CVE-2019-15272 [MEDIUM] CWE-264 CVE-2019-15272: A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerabi

CVE-2019-12715 [MEDIUM] CWE-79 CVE-2019-12715: A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insu

CVE-2019-12711 [MEDIUM] CWE-611 CVE-2019-12711: A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to improper restrictions on XML entities. A

CVE-2019-1887 [HIGH] CWE-787 CVE-2019-1887: A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Co A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of input SIP traffic. An attacker could exploit this vulnerability by sending a malforme

CVE-2019-1837 [HIGH] CWE-129 CVE-2019-1837: A vulnerability in the User Data Services (UDS) API of Cisco Unified Communications Manager (Unified A vulnerability in the User Data Services (UDS) API of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the management GUI. The vulnerability is due to improper validation of input parameters in the UDS API requests. An attacker could exploit this vulnerabil

CVE-2018-0474 [HIGH] CWE-200 CVE-2018-0474: A vulnerability in the web-based management interface of Cisco Unified Communications Manager could A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text. The vulnerability is due to the incorrect inclusion of saved passwords in configuration pages. An attacker could exploit this vulnerability by logging in to the Cisco Unified

CVE-2018-0266 [MEDIUM] CWE-200 CVE-2018-0266: A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a spec

CVE-2018-0267 [MEDIUM] CWE-200 CVE-2018-0267: A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web interface.

CVE-2018-0198 [MEDIUM] CWE-693 CVE-2018-0198: A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. A success

CVE-2018-0206 [MEDIUM] CWE-79 CVE-2018-0206: A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to condu A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to i

CVE-2018-0120 [MEDIUM] CWE-89 CVE-2018-0120: A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. The vulnerability exists because the affected software fails to validate user-supplied input in certain SQL queries th

CVE-2018-0135 [MEDIUM] CWE-20 CVE-2018-0135: A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected s A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software improperly validates user-supplied search input. An attacker could exploit this vulnerabilit

CVE-2018-0105 [MEDIUM] CWE-200 CVE-2018-0105: A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. An exploi

CVE-2018-0118 [MEDIUM] CWE-79 CVE-2018-0118: A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perfo A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficien

CVE-2017-12357 [MEDIUM] CWE-79 CVE-2017-12357: A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficien