CVEDB API

Vulnerabilities

Vulnerable Software

Cisco: >> Unified Web And E-Mail Interaction Manager Security Vulnerabilities

CVE-2015-6416

Cross-site scripting (XSS) vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) allows remote attackers to inject arbitrary web script or HTML a crafted URL, aka Bug ID CSCuw24479.

CVSS Score

4.3

EPSS Score

0.003

Published

2015-12-14

CVE-2015-6255

Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-Mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via a crafted chat message, aka Bug ID CSCuo89051.

CVSS Score

4.3

EPSS Score

0.005

Published

2015-08-19

CVE-2015-4299

Cisco Unified Web and E-Mail Interaction Manager 9.0(2) improperly performs authorization, which allows remote authenticated users to remove default messaging-queue system folders via unspecified vectors, aka Bug ID CSCuo89046.

CVSS Score

5.5

EPSS Score

0.005

Published

2015-08-19

CVE-2015-4298

Cisco Unified Web and E-Mail Interaction Manager 9.0(2) and 11.0(1) improperly performs authorization, which allows remote authenticated users to read or write to stored data via unspecified vectors, aka Bug ID CSCuo89056.

CVSS Score

6.5

EPSS Score

0.005

Published

2015-08-19

CVE-2015-0753

SQL injection vulnerability in Cisco Unified Email Interaction Manager (EIM) and Unified Web Interaction Manager (WIM) 9.0(2) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu30028.

CVSS Score

6.8

EPSS Score

0.003

Published

2015-05-29

CVE-2015-0655

Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus74184.

CVSS Score

4.3

EPSS Score

0.003

Published

2015-02-28

CVE-2014-2192

Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj43033.

CVSS Score

4.3

EPSS Score

0.003

Published

2014-05-20

CVE-2014-2193

Cisco Unified Web and E-Mail Interaction Manager places session identifiers in GET requests, which allows remote attackers to inject conversation text by obtaining a valid identifier, aka Bug ID CSCuj43084.

CVSS Score

4.3

EPSS Score

0.002

Published

2014-05-20

CVE-2014-2194

system/egain/chat/entrypoint in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to have an unspecified impact by injecting a spoofed XML external entity.

CVSS Score

6.8

EPSS Score

0.004

Published

2014-05-20

Page 1

Vulnerabilities

Vulnerable Software

Cisco: >> Unified Web And E-Mail Interaction Manager Security Vulnerabilities

Products

Pricing

Contact Us