Cisco Hosted Collaboration Mediation Fulfillment vulnerabilities

CVE-2021-1478 [MEDIUM] CWE-284 CVE-2021-1478: A vulnerability in the Java Management Extensions (JMX) component of Cisco Unified Communications Ma A vulnerability in the Java Management Extensions (JMX) component of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an uns

CVE-2020-3124 [MEDIUM] CWE-352 CVE-2020-3124: A vulnerability in the web-based interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM- A vulnerability in the web-based interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerabil

CVE-2020-3256 [MEDIUM] CWE-611 CVE-2020-3256: A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfil A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. To exploit this vulnerability, an attacker would need administrative privileges on the Cisco HCM-F Software. Th

CVE-2018-15401 [MEDIUM] CWE-352 CVE-2018-15401: A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfil A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management int

CVE-2017-6779 [HIGH] CWE-399 CVE-2017-6779: Multiple Cisco products are affected by a vulnerability in local file management for certain system Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maxi

CVE-2016-6454 [MEDIUM] CWE-352 CVE-2016-6454: A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collabora A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute unwanted actions. More Information: CSCva54241. Known Affected Releases: 11.5(1). Known Fixed Releases: 11.5(0.98000.216).

CVE-2016-6371 [HIGH] CWE-22 CVE-2016-6371: Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfi Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717.

CVE-2016-6370 [MEDIUM] CWE-22 CVE-2016-6370: Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfi Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote authenticated users to read arbitrary files via a crafted pathname in an HTTP request, aka Bug ID CSCuz27255.