Vulnerabilities > Cisco > Hosted Collaboration Mediation Fulfillment > 10.6.1.base

DATE CVE VULNERABILITY TITLE RISK
2021-05-06 CVE-2021-1478 Unspecified vulnerability in Cisco Unified Communications Manager
A vulnerability in the Java Management Extensions (JMX) component of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system.
network
low complexity
cisco
6.5
6.5
2020-09-23 CVE-2020-3124 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Hosted Collaboration Mediation Fulfillment
A vulnerability in the web-based interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
network
low complexity
cisco CWE-352
6.5
6.5
2020-05-06 CVE-2020-3256 XXE vulnerability in Cisco Hosted Collaboration Mediation Fulfillment
A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system.
network
low complexity
cisco CWE-611
4.9
4.9
2016-09-12 CVE-2016-6371 Path Traversal vulnerability in Cisco Hosted Collaboration Mediation Fulfillment 10.6(1)Base/10.6(2)Base/10.6(3)Base
Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717.
network
low complexity
cisco CWE-22
7.5
7.5
2016-09-12 CVE-2016-6370 Path Traversal vulnerability in Cisco Hosted Collaboration Mediation Fulfillment 10.6(1)Base/10.6(2)Base/10.6(3)Base
Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote authenticated users to read arbitrary files via a crafted pathname in an HTTP request, aka Bug ID CSCuz27255.
network
low complexity
cisco CWE-22
4.3
4.3