Vulnerabilities > Cisco > Unified Communications Manager > 10.5.2.su5

DATE CVE VULNERABILITY TITLE RISK
2022-07-06 CVE-2022-20791 Path Traversal vulnerability in Cisco Unified Communications Manager
A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device.
network
low complexity
cisco CWE-22
6.5
6.5
2021-11-04 CVE-2021-34701 Path Traversal vulnerability in Cisco Unified Communications Manager
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device.
network
low complexity
cisco CWE-22
4.3
4.3
2021-04-08 CVE-2021-1409 Cross-site Scripting vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user.
network
low complexity
cisco CWE-79
6.1
6.1
2021-04-08 CVE-2021-1408 Cross-site Scripting vulnerability in Cisco Unified Communications Manager
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user.
network
low complexity
cisco CWE-79
6.1
6.1
2021-04-08 CVE-2021-1407 Cross-site Scripting vulnerability in Cisco Unified Communications Manager
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user.
network
low complexity
cisco CWE-79
6.1
6.1
2021-04-08 CVE-2021-1406 Information Exposure vulnerability in Cisco Unified Communications Manager
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device.
network
low complexity
cisco CWE-200
4.9
4.9
2021-04-08 CVE-2021-1380 Cross-site Scripting vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user.
network
low complexity
cisco CWE-79
6.1
6.1
2021-01-20 CVE-2021-1364 SQL Injection vulnerability in Cisco products
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system.
network
low complexity
cisco CWE-89
4.9
4.9
2021-01-20 CVE-2021-1357 Path Traversal vulnerability in Cisco products
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system.
network
low complexity
cisco CWE-22
6.5
6.5
2021-01-20 CVE-2021-1355 SQL Injection vulnerability in Cisco products
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system.
network
low complexity
cisco CWE-89
6.5
6.5