Vulnerabilities > Cisco > Unified Communications Domain Manager > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-08-15 CVE-2018-0386 Cross-site Scripting vulnerability in Cisco products
A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system.
network
cisco CWE-79
4.3
2018-06-21 CVE-2018-0364 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager
A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.
network
cisco CWE-352
6.8
2017-11-16 CVE-2017-12302 SQL Injection vulnerability in Cisco Unified Communications Domain Manager
A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection.
network
low complexity
cisco CWE-89
4.0
2017-06-13 CVE-2017-6670 Open Redirect vulnerability in Cisco Unified Communications Domain Manager 8.1(7)Er1
A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect issue.
network
cisco CWE-601
5.8
2017-06-13 CVE-2017-6668 SQL Injection vulnerability in Cisco Unified Communications Domain Manager 8.1(7)Er1
Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection.
network
low complexity
cisco CWE-89
4.0
2016-03-03 CVE-2016-1354 Cross-site Scripting vulnerability in Cisco Unified Communications Domain Manager 8.0/8.0.1/8.0.2
Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCud41176.
network
cisco CWE-79
4.3
2015-12-14 CVE-2015-6422 Resource Management Errors vulnerability in Cisco Unified Communications Domain Manager 10.6.1
The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed requests, aka Bug ID CSCuu10981.
network
low complexity
cisco CWE-399
4.0
2015-10-30 CVE-2015-6352 Information Exposure vulnerability in Cisco products
Cisco Unified Communications Domain Manager before 10.6(1) provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote attackers to map a filesystem via a series of requests, aka Bug ID CSCut67891.
network
cisco CWE-200
4.3
2015-07-04 CVE-2015-4196 Credentials Management vulnerability in Cisco Unified Communications Domain Manager
Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by leveraging knowledge of this password and entering it in an SSH session, aka Bug ID CSCuq45546.
network
low complexity
cisco CWE-255
5.0
2015-06-30 CVE-2015-4229 Information Exposure vulnerability in Cisco Unified Communications Domain Manager 8.1.4Er1
The web framework in Cisco Unified Communications Domain Manager 8.1(4)ER1 allows remote attackers to obtain sensitive information by visiting a bvsmweb URL, aka Bug ID CSCuq22589.
network
low complexity
cisco CWE-200
5.0