12.5

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-26	CVE-2024-20253	Deserialization of Untrusted Data vulnerability in Cisco products A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. network low complexity cisco CWE-502 critical	10.0
2022-07-06	CVE-2022-20791	Path Traversal vulnerability in Cisco Unified Communications Manager A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. network low complexity cisco CWE-22	6.5
2022-07-06	CVE-2022-20800	Cross-site Scripting vulnerability in Cisco Unified Communications Manager A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. network low complexity cisco CWE-79	6.1
2021-11-04	CVE-2021-34701	Path Traversal vulnerability in Cisco Unified Communications Manager A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device. network low complexity cisco CWE-22	4.3
2021-11-04	CVE-2021-34773	Cross-Site Request Forgery (CSRF) vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. network low complexity cisco CWE-352	6.5
2021-05-06	CVE-2021-1363	Unspecified vulnerability in Cisco Unified Communications Manager IM and Presence Service Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. network low complexity cisco	8.1
2021-05-06	CVE-2021-1365	SQL Injection vulnerability in Cisco Unified Communications Manager IM and Presence Service Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. network low complexity cisco CWE-89	8.1
2021-01-20	CVE-2021-1364	SQL Injection vulnerability in Cisco products Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. network low complexity cisco CWE-89	4.9
2021-01-20	CVE-2021-1357	Path Traversal vulnerability in Cisco products Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. network low complexity cisco CWE-22	6.5
2021-01-20	CVE-2021-1355	SQL Injection vulnerability in Cisco products Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. network low complexity cisco CWE-89	6.5