Vulnerabilities > Cisco > Unified Communications Domain Manager > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-08-12 | CVE-2014-3337 | Improper Input Validation vulnerability in Cisco Unified Communications Domain Manager The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that is not properly handled during processing of an XML document, aka Bug ID CSCtq76428. | 6.8 |
| 2014-07-18 | CVE-2014-3320 | Unspecified vulnerability in Cisco Unified Communications Domain Manager Multiple open redirect vulnerabilities in the admin web interface in the web framework in Cisco Unified Communications Domain Manager (CDM) 8.1(.4) and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted URLs for unspecified scripts, aka Bug ID CSCuo48835. network cisco | 5.8 |
| 2014-06-08 | CVE-2014-3281 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Domain Manager The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to obtain potentially sensitive user information by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun46071 and CSCun46101. | 5.0 |
| 2014-06-08 | CVE-2014-3278 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Domain Manager The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to enumerate accounts by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun39619 and CSCun45572. | 5.0 |
| 2014-06-03 | CVE-2014-3280 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Domain Manager The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecified Administration GUI web page, aka Bug IDs CSCun46045 and CSCun46116. | 4.0 |
| 2014-05-29 | CVE-2014-3283 | Improper Input Validation vulnerability in Cisco Unified Communications Domain Manager Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCun79731. | 5.8 |
| 2014-05-29 | CVE-2014-3282 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Domain Manager The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive number-translation information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum76930. | 4.0 |
| 2014-05-29 | CVE-2014-3279 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Domain Manager The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and CSCun39643. | 5.0 |
| 2014-05-29 | CVE-2014-3277 | Improper Authentication vulnerability in Cisco Unified Communications Domain Manager The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive user and group information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum77005. | 4.0 |
| 2014-03-02 | CVE-2014-2104 | Cross-Site Scripting vulnerability in Cisco Unified Communications Domain Manager 9.0(.1) Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCum78536, CSCum78526, CSCum69809, and CSCum63113. | 4.3 |