Vulnerabilities > Cisco > Telepresence Video Communication Server Software > x8.5.3

DATE	CVE	VULNERABILITY TITLE	RISK
2016-07-07	CVE-2016-1444	Improper Input Validation vulnerability in Cisco products The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601. network cisco CWE-20	5.8
2016-02-09	CVE-2016-1316	Information Exposure vulnerability in Cisco Telepresence Video Communication Server Software Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362. network low complexity cisco CWE-200	5.0
2015-08-20	CVE-2015-4315	Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server Software X8.5.3 The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitrary files or cause a denial of service via a crafted XML document, aka Bug ID CSCuv31853. network low complexity cisco CWE-20	5.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.