Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-06-08 | CVE-2014-3286 | Permissions, Privileges, and Access Controls vulnerability in Cisco Webex Meetings Server The web framework in Cisco WebEx Meeting Server does not properly restrict the content of reply messages, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug IDs CSCuj81685, CSCuj81688, CSCuj81665, CSCuj81744, and CSCuj81661. | 5.0 |
| 2014-06-08 | CVE-2014-3281 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Domain Manager The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to obtain potentially sensitive user information by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun46071 and CSCun46101. | 5.0 |
| 2014-06-08 | CVE-2014-3278 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Domain Manager The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to enumerate accounts by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun39619 and CSCun45572. | 5.0 |
| 2014-06-03 | CVE-2014-3280 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Domain Manager The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecified Administration GUI web page, aka Bug IDs CSCun46045 and CSCun46116. | 4.0 |
| 2014-05-29 | CVE-2014-3285 | Improper Input Validation vulnerability in Cisco Wide Area Application Services Cisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when SharePoint acceleration is enabled, does not properly parse SharePoint responses, which allows remote attackers to cause a denial of service (application-optimization handler reload) via a crafted SharePoint application, aka Bug ID CSCue47674. | 5.0 |
| 2014-05-29 | CVE-2014-3283 | Improper Input Validation vulnerability in Cisco Unified Communications Domain Manager Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCun79731. | 5.8 |
| 2014-05-29 | CVE-2014-3282 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Domain Manager The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive number-translation information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum76930. | 4.0 |
| 2014-05-29 | CVE-2014-3279 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Domain Manager The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and CSCun39643. | 5.0 |
| 2014-05-29 | CVE-2014-3277 | Improper Authentication vulnerability in Cisco Unified Communications Domain Manager The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive user and group information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum77005. | 4.0 |
| 2014-05-26 | CVE-2014-3276 | Resource Management Errors vulnerability in Cisco Identity Services Engine Software Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which allows remote authenticated users to cause a denial of service (RADIUS outage) by sourcing these packets from two origins, aka Bug ID CSCuo56780. | 4.0 |