Vulnerabilities > Cisco > Unified Communications Manager IM AND Presence Service > 12.5

DATE CVE VULNERABILITY TITLE RISK
2024-01-26 CVE-2024-20253 Deserialization of Untrusted Data vulnerability in Cisco products
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.
network
low complexity
cisco CWE-502
critical
10.0
2022-07-06 CVE-2022-20791 Path Traversal vulnerability in Cisco Unified Communications Manager
A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device.
network
low complexity
cisco CWE-22
6.5
2022-07-06 CVE-2022-20800 Cross-site Scripting vulnerability in Cisco Unified Communications Manager
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
network
low complexity
cisco CWE-79
6.1
2021-11-04 CVE-2021-34701 Path Traversal vulnerability in Cisco Unified Communications Manager
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device.
network
low complexity
cisco CWE-22
4.3
2021-11-04 CVE-2021-34773 Cross-Site Request Forgery (CSRF) vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device.
network
low complexity
cisco CWE-352
6.5
2021-05-06 CVE-2021-1363 Unspecified vulnerability in Cisco Unified Communications Manager IM and Presence Service
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
network
low complexity
cisco
8.1
2021-05-06 CVE-2021-1365 SQL Injection vulnerability in Cisco Unified Communications Manager IM and Presence Service
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
network
low complexity
cisco CWE-89
8.1
2021-01-20 CVE-2021-1364 SQL Injection vulnerability in Cisco products
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system.
network
low complexity
cisco CWE-89
4.9
2021-01-20 CVE-2021-1357 Path Traversal vulnerability in Cisco products
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system.
network
low complexity
cisco CWE-22
6.5
2021-01-20 CVE-2021-1355 SQL Injection vulnerability in Cisco products
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system.
network
low complexity
cisco CWE-89
6.5