Cisco Unified Communications Manager vulnerabilities

207 known vulnerabilities affecting cisco/unified_communications_manager.

Total CVEs: 207
CISA KEV: 2 (actively exploited)
Public exploits: 6
Exploited in wild: 1
Severity breakdown: CRITICAL 12, HIGH 76, MEDIUM 117, LOW 1

Vulnerabilities

Page 3 of 11
CVE-2021-1364 [MEDIUM] CVSS 4.9 | CWE-35 | 2021-01-20
Versions: fixed in 11.5(1)su9; ≥ 12.0, < 12.0(1)su4; +1 more
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco
Source: NVD

CVE-2021-1226 [MEDIUM] CVSS 6.5 | CWE-532 | 2021-01-13
Versions: ≥ 11.5(1), < 11.5(1)su9; v10.5(2)
A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sen
Source: NVD

CVE-2020-3135 [HIGH] CVSS 8.8 | CWE-352 | 2020-09-23
Versions: fixed in 11.5(1)
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker
Source: NVD

CVE-2019-15963 [MEDIUM] CVSS 6.5 | CWE-200 | 2020-09-23
Versions: ≥ 10.5, ≤ 10.5(2.10000.5); ≥ 11.5, ≤ 11.5(1.10000.6); +2 more
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient protection of user-supplied input by the web-based management interface of th
Source: NVD

CVE-2020-3346 [MEDIUM] CVSS 6.1 | CWE-79 | 2020-08-17
Versions: ≥ 10.5(2), ≤ 10.5(2)su10; ≥ 11.5(1), ≤ 11.5(1)su8; +2 more
A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web UI does not prope
Source: NVD

CVE-2020-3282 [MEDIUM] CVSS 6.1 | CWE-79 | 2020-07-02
Versions: ≥ 10.5(2), < 10.5(2)su10; ≥ 11.5(1), < 11.5(1)su8; +2 more
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a us
Source: NVD

CVE-2020-3177 [HIGH] CVSS 7.5 | CWE-22 | 2020-04-15
Versions: v10.5(2.10000.5); v11.5(1.10000.6); +2 more
A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of u
Source: NVD

CVE-2015-0749 [MEDIUM] CVSS 6.1 | CWE-79 | 2020-02-19
Versions: ≤ 10.5(2.10000.5)
A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerability is due to improper input validation of certain parameters passed to the affected software. An attacker could exploit this vulnerability by convincing a user
Source: NVD

CVE-2019-15972 [HIGH] CVSS 8.8 | CWE-89 | 2019-11-26
Versions: v10.5(2.10000.5); v11.5(1.10000.6); +2 more
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. An attacker could exploit this vulnerability by authentica
Source: NVD

CVE-2019-12710 [MEDIUM] CVSS 4.9 | CWE-89 | 2019-10-02
Versions: v10.5(2.10000.5); v11.5(1.10000.6); +2 more
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an authenticated, remote attacker to impact the confidentiality of an affected system by executing arbitrary SQL queries. The vulnerability exists because the affected software improp
Source: NVD

CVE-2019-1915 [MEDIUM] CVSS 6.5 | CWE-352 | 2019-10-02
Versions: v10.5(2.10000.5); v11.5(1.10000.6); +2 more
A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CS
Source: NVD

CVE-2019-15272 [MEDIUM] CVSS 6.5 | CWE-264 | 2019-10-02
Versions: v10.5(2.10000.5); v11.5(1.10000.6); +2 more
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerabi
Source: NVD

CVE-2019-12715 [MEDIUM] CVSS 6.1 | CWE-79 | 2019-10-02
Versions: v10.5(2.10000.5); v11.5(1.10000.6); +2 more
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insu
Source: NVD

CVE-2019-12711 [MEDIUM] CVSS 6.5 | CWE-611 | 2019-10-02
Versions: v10.5(2.10000.5); v11.5(1.10000.6); +2 more
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to improper restrictions on XML entities. A
Source: NVD

CVE-2019-12707 [MEDIUM] CVSS 6.1 | CWE-79 | 2019-10-02
Versions: v10.5(2.10000.5); v11.5(1.10000.6); +2 more
A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based inte
Source: NVD

CVE-2019-12716 [MEDIUM] CVSS 6.1 | CWE-79 | 2019-10-02
Versions: v10.5(2.10000.5); v11.5(1.10000.6); +2 more
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of us
Source: NVD

CVE-2019-1887 [HIGH] CVSS 7.5 | CWE-787 | 2019-07-06
Versions: v10.5(2.10000.5); v11.5(1.10000.6); +2 more
A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of input SIP traffic. An attacker could exploit this vulnerability by sending a malforme
Source: NVD

CVE-2019-1837 [HIGH] CVSS 7.5 | CWE-129 | 2019-04-18
Versions: v10.5(2.10000.5); v11.5(1.10000.6); +2 more
A vulnerability in the User Data Services (UDS) API of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the management GUI. The vulnerability is due to improper validation of input parameters in the UDS API requests. An attacker could exploit this vulnerabil
Source: NVD

CVE-2018-0474 [HIGH] CVSS 8.8 | CWE-200 | 2019-01-10
Versions: v10.5(2.14076.1)
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text. The vulnerability is due to the incorrect inclusion of saved passwords in configuration pages. An attacker could exploit this vulnerability by logging in to the Cisco Unified
Source: NVD

CVE-2018-15403 [MEDIUM] CVSS 5.4 | CWE-601 | 2018-10-05
Versions: v10.5(2.10000.5); v11.0(1.10000.10); +2 more
A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the paramete
Source: NVD