Vulnerabilities > Cisco > Unified Communications Domain Manager > 8.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-22 | CVE-2018-0124 | Key Management Errors vulnerability in Cisco Unified Communications Domain Manager A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. | 7.5 |
| 2016-03-03 | CVE-2016-1354 | Cross-site Scripting vulnerability in Cisco Unified Communications Domain Manager 8.0/8.0.1/8.0.2 Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCud41176. | 4.3 |
| 2014-12-22 | CVE-2014-8018 | Cross-Site Scripting vulnerability in Cisco Unified Communications Domain Manager 8.0 Multiple cross-site scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCur19651, CSCur18555, CSCur19630, and CSCur19661. | 4.3 |
| 2014-12-10 | CVE-2014-8010 | Improper Input Validation vulnerability in Cisco Unified Communications Domain Manager 8.0 The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via crafted values, aka Bug ID CSCuq50205. | 6.5 |
| 2014-08-12 | CVE-2014-3337 | Improper Input Validation vulnerability in Cisco Unified Communications Domain Manager The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that is not properly handled during processing of an XML document, aka Bug ID CSCtq76428. | 6.8 |
| 2014-07-18 | CVE-2014-3320 | Unspecified vulnerability in Cisco Unified Communications Domain Manager Multiple open redirect vulnerabilities in the admin web interface in the web framework in Cisco Unified Communications Domain Manager (CDM) 8.1(.4) and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted URLs for unspecified scripts, aka Bug ID CSCuo48835. network cisco | 5.8 |
| 2014-06-03 | CVE-2014-3280 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Domain Manager The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecified Administration GUI web page, aka Bug IDs CSCun46045 and CSCun46116. | 4.0 |
| 2014-05-29 | CVE-2014-3283 | Improper Input Validation vulnerability in Cisco Unified Communications Domain Manager Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCun79731. | 5.8 |
| 2014-05-29 | CVE-2014-3282 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Domain Manager The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive number-translation information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum76930. | 4.0 |
| 2014-05-29 | CVE-2014-3279 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Domain Manager The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and CSCun39643. | 5.0 |