Vulnerabilities > Cisco > Unified Communications Manager > 9.9.9.st1.9

DATE CVE VULNERABILITY TITLE RISK
2022-07-06 CVE-2022-20791 Path Traversal vulnerability in Cisco Unified Communications Manager
A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device.
network
low complexity
cisco CWE-22
6.5
2021-11-04 CVE-2021-34701 Path Traversal vulnerability in Cisco Unified Communications Manager
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device.
network
low complexity
cisco CWE-22
4.3
2021-04-08 CVE-2021-1409 Cross-site Scripting vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user.
network
low complexity
cisco CWE-79
6.1
2021-04-08 CVE-2021-1408 Cross-site Scripting vulnerability in Cisco Unified Communications Manager
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user.
network
low complexity
cisco CWE-79
6.1
2021-04-08 CVE-2021-1407 Cross-site Scripting vulnerability in Cisco Unified Communications Manager
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user.
network
low complexity
cisco CWE-79
6.1
2021-04-08 CVE-2021-1380 Cross-site Scripting vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user.
network
low complexity
cisco CWE-79
6.1
2021-01-20 CVE-2021-1364 SQL Injection vulnerability in Cisco products
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system.
network
low complexity
cisco CWE-89
4.9
2021-01-20 CVE-2021-1357 Path Traversal vulnerability in Cisco products
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system.
network
low complexity
cisco CWE-22
6.5
2021-01-20 CVE-2021-1355 SQL Injection vulnerability in Cisco products
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system.
network
low complexity
cisco CWE-89
6.5
2021-01-20 CVE-2021-1282 SQL Injection vulnerability in Cisco products
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system.
network
low complexity
cisco CWE-89
4.9