Cisco Unity Connection vulnerabilities

CVE-2021-1409 [MEDIUM] CWE-89 CVE-2021-1409: Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manag Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to

CVE-2021-1380 [MEDIUM] CWE-89 CVE-2021-1380: Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manag Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to

CVE-2021-1408 [MEDIUM] CWE-89 CVE-2021-1408: Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manag Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to

CVE-2019-15963 [MEDIUM] CWE-200 CVE-2019-15963: A vulnerability in the web-based management interface of Cisco Unified Communications Manager could A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient protection of user-supplied input by the web-based management interface of th

CVE-2020-3130 [MEDIUM] CWE-22 CVE-2020-3130: A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticat A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web management interface. A successful ex

CVE-2020-3282 [MEDIUM] CWE-79 CVE-2020-3282: A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a us

CVE-2020-3129 [MEDIUM] CWE-79 CVE-2020-3129: A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by providing crafted d

CVE-2019-12707 [MEDIUM] CWE-79 CVE-2019-12707: A vulnerability in the web-based interface of multiple Cisco Unified Communications products could a A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based inte

CVE-2019-1685 [MEDIUM] CWE-79 CVE-2019-1685: A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of C A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the

CVE-2018-15396 [MEDIUM] CWE-399 CVE-2018-15396: A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an auth A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An att

CVE-2018-15426 [MEDIUM] CWE-79 CVE-2018-15426: A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, r A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based inter