Vulnerabilities > Cisco > Unified Communications Manager > 12.5.1.10000.22
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-02 | CVE-2019-12710 | SQL Injection vulnerability in Cisco Unified Communications Manager A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an authenticated, remote attacker to impact the confidentiality of an affected system by executing arbitrary SQL queries. | 4.0 |
| 2019-10-02 | CVE-2019-12707 | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. | 4.3 |
| 2019-07-06 | CVE-2019-1887 | Out-of-bounds Write vulnerability in Cisco Unified Communications Manager A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 5.0 |
| 2019-04-18 | CVE-2019-1837 | Improper Input Validation vulnerability in Cisco Unified Communications Manager A vulnerability in the User Data Services (UDS) API of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the management GUI. | 7.8 |