Vulnerabilities > Cisco > Unified Communications Manager > 11.0.1.10000.10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-07 | CVE-2017-6791 | Unspecified vulnerability in Cisco Unified Communications Manager A vulnerability in the Trust Verification Service (TVS) of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 5.0 |
| 2017-08-17 | CVE-2017-6785 | Improper Input Validation vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5)/11.0(1.10000.10)/11.5(1.10000.6) A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration. | 4.0 |
| 2017-08-07 | CVE-2017-6757 | SQL Injection vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5)/11.0(1.10000.10)/11.5(1.10000.6) A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an authenticated, remote attacker to conduct a blind SQL injection attack. | 6.5 |
| 2017-05-22 | CVE-2017-6654 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5)/11.0(1.10000.10)/11.5(1.10000.6) A vulnerability in the web-based management interface of Cisco Unified Communications Manager 10.5 through 11.5 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
| 2017-04-20 | CVE-2017-3808 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Unified Communications Manager A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.8 |
| 2017-04-07 | CVE-2017-3886 | SQL Injection vulnerability in Cisco Unified Communications Manager 11.0(1.10000.10)/11.5(1.10000.6) A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. | 4.0 |
| 2017-03-17 | CVE-2017-3872 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device. | 4.3 |
| 2017-02-22 | CVE-2017-3829 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.0(1.10000.10)/11.5(1.10000.6) A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
| 2017-02-22 | CVE-2017-3828 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.0(1.10000.10)/11.5(1.10000.6) A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
| 2016-02-09 | CVE-2016-1319 | Information Exposure vulnerability in Cisco products Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958. | 5.0 |