Vulnerabilities > Cisco > Unified Communications Manager > 10.0.1
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-09-23 | CVE-2020-3135 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Manager | A vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. | 6.8 |
2020-02-19 | CVE-2015-0749 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager | A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. | 4.3 |
2018-06-07 | CVE-2017-6779 | Resource Exhaustion vulnerability in Cisco products | Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. | 7.8 |
2014-11-14 | CVE-2014-7991 | Cryptographic Issues vulnerability in Cisco Unified Communications Manager | The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376. | 4.3 |
2014-08-12 | CVE-2014-3338 | Improper Input Validation vulnerability in Cisco Unified Communications Manager 10.0(1) | The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via crafted token data, aka Bug ID CSCum95491. | 8.5 |
2014-07-14 | CVE-2014-3319 | Path Traversal vulnerability in Cisco Unified Communications Manager 10.0(1) | Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676. | 6.8 |
2014-07-14 | CVE-2014-3317 | Path Traversal vulnerability in Cisco Unified Communications Manager 10.0(1) | Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314. | 5.5 |
2014-02-27 | CVE-2014-0747 | Improper Input Validation vulnerability in Cisco Unified Communications Manager | The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493. | 6.8 |
2014-02-27 | CVE-2014-0743 | Improper Authentication vulnerability in Cisco Unified Communications Manager | The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468. | 5.0 |
2014-02-27 | CVE-2014-0742 | Improper Input Validation vulnerability in Cisco Unified Communications Manager | The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464. | 6.2 |