Vulnerabilities > Cisco > Unified Communications Domain Manager > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-15 | CVE-2018-0386 | Cross-site Scripting vulnerability in Cisco products A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system. | 4.3 |
| 2018-06-21 | CVE-2018-0364 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 6.8 |
| 2017-11-16 | CVE-2017-12302 | SQL Injection vulnerability in Cisco Unified Communications Domain Manager A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. | 4.0 |
| 2017-06-13 | CVE-2017-6670 | Open Redirect vulnerability in Cisco Unified Communications Domain Manager 8.1(7)Er1 A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect issue. | 5.8 |
| 2017-06-13 | CVE-2017-6668 | SQL Injection vulnerability in Cisco Unified Communications Domain Manager 8.1(7)Er1 Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. | 4.0 |
| 2016-03-03 | CVE-2016-1354 | Cross-site Scripting vulnerability in Cisco Unified Communications Domain Manager 8.0/8.0.1/8.0.2 Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCud41176. | 4.3 |
| 2015-12-14 | CVE-2015-6422 | Resource Management Errors vulnerability in Cisco Unified Communications Domain Manager 10.6.1 The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed requests, aka Bug ID CSCuu10981. | 4.0 |
| 2015-10-30 | CVE-2015-6352 | Information Exposure vulnerability in Cisco products Cisco Unified Communications Domain Manager before 10.6(1) provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote attackers to map a filesystem via a series of requests, aka Bug ID CSCut67891. | 4.3 |
| 2015-07-04 | CVE-2015-4196 | Credentials Management vulnerability in Cisco Unified Communications Domain Manager Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by leveraging knowledge of this password and entering it in an SSH session, aka Bug ID CSCuq45546. | 5.0 |
| 2015-06-30 | CVE-2015-4229 | Information Exposure vulnerability in Cisco Unified Communications Domain Manager 8.1.4Er1 The web framework in Cisco Unified Communications Domain Manager 8.1(4)ER1 allows remote attackers to obtain sensitive information by visiting a bvsmweb URL, aka Bug ID CSCuq22589. | 5.0 |