8.0.2a

DATE	CVE	VULNERABILITY TITLE	RISK
2020-09-23	CVE-2020-3135	Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Manager A vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. network cisco CWE-352	6.8
2020-02-19	CVE-2015-0749	Cross-site Scripting vulnerability in Cisco Unified Communications Manager A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. network cisco CWE-79	4.3
2014-11-14	CVE-2014-7991	Cryptographic Issues vulnerability in Cisco Unified Communications Manager The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376. network cisco CWE-310	4.3
2014-08-11	CVE-2014-3332	Unspecified vulnerability in Cisco Unified Communications Manager Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029. network low complexity cisco	4.0
2014-02-27	CVE-2014-0747	Improper Input Validation vulnerability in Cisco Unified Communications Manager The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493. local low complexity cisco CWE-20	6.8
2014-02-27	CVE-2014-0743	Improper Authentication vulnerability in Cisco Unified Communications Manager The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468. network low complexity cisco CWE-287	5.0
2014-02-27	CVE-2014-0742	Improper Input Validation vulnerability in Cisco Unified Communications Manager The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464. local low complexity cisco CWE-20	6.2
2014-02-27	CVE-2014-0741	Cryptographic Issues vulnerability in Cisco Unified Communications Manager The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461. local low complexity cisco CWE-310	6.2
2014-02-27	CVE-2014-0740	Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Manager Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701. network cisco CWE-352	6.8
2014-02-22	CVE-2014-0731	Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Manager The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497. network low complexity cisco CWE-264	5.0