Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-02-27 | CVE-2014-0740 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Manager Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701. | 6.8 |
| 2014-02-22 | CVE-2014-0737 | Improper Authentication vulnerability in Cisco Unified IP Phone 7960G The Cisco Unified IP Phone 7960G 9.2(1) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66795. | 4.3 |
| 2014-02-22 | CVE-2014-0731 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Manager The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497. | 5.0 |
| 2014-02-22 | CVE-2014-0730 | Improper Input Validation vulnerability in Cisco Unified Computing System Central Software Cisco Unified Computing System (UCS) Central Software 1.1 and earlier allows local users to gain privileges via a CLI copy command in a local-mgmt context, aka Bug ID CSCul53128. | 6.8 |
| 2014-02-20 | CVE-2014-0733 | Improper Authentication vulnerability in Cisco Unified Communications Manager The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494. | 5.0 |
| 2014-02-20 | CVE-2014-0736 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Manager Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468. | 6.8 |
| 2014-02-20 | CVE-2014-0735 | Cross-Site Scripting vulnerability in Cisco Unified Communications Manager Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470. | 4.3 |
| 2014-02-20 | CVE-2014-0732 | Improper Authentication vulnerability in Cisco Unified Communications Manager The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495. | 5.0 |
| 2014-02-13 | CVE-2014-0725 | Improper Authentication vulnerability in Cisco Unified Communications Manager Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337. | 5.0 |
| 2014-02-13 | CVE-2014-0724 | Improper Input Validation vulnerability in Cisco Unified Communications Manager The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340. | 4.0 |