CVEDB API

Vulnerabilities

Vulnerable Software

Cisco: >> Unified Communications Manager >> 9.1.1(a) Security Vulnerabilities

CVE-2013-5528

Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815.

CVSS Score

4.0

EPSS Score

0.615

Published

2013-10-11

CVE-2013-3472

Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications, aka Bug ID CSCui58210.

CVSS Score

6.8

EPSS Score

0.001

Published

2013-08-29

CVE-2013-3462

Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Bug ID CSCud54358.

CVSS Score

8.5

EPSS Score

0.088

Published

2013-08-25

CVE-2013-3442

The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854.

CVSS Score

4.0

EPSS Score

0.002

Published

2013-08-05

CVE-2013-3450

Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028.

CVSS Score

6.8

EPSS Score

0.001

Published

2013-08-05

CVE-2013-3451

Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug ID CSCui13033.

CVSS Score

6.8

EPSS Score

0.001

Published

2013-08-05

CVE-2013-3402

An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440.

CVSS Score

6.5

EPSS Score

0.004

Published

2013-07-18

CVE-2013-3403

Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454.

CVSS Score

6.8

EPSS Score

0.001

Published

2013-07-18

CVE-2013-3404

SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051.

CVSS Score

7.5

EPSS Score

0.004

Published

2013-07-18

CVE-2013-3412

SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766.

CVSS Score

6.5

EPSS Score

0.003

Published

2013-07-18

Prev Next

Page 6

Vulnerabilities

Vulnerable Software

Cisco: >> Unified Communications Manager >> 9.1.1(a) Security Vulnerabilities

Products

Pricing

Contact Us