Vulnerabilities > Cisco > Unified Communications Manager
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-19 | CVE-2018-0266 | Forced Browsing vulnerability in Cisco Unified Communications Manager A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. | 4.3 |
| 2018-03-27 | CVE-2018-0198 | Forced Browsing vulnerability in Cisco Unified Communications Manager A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. | 5.3 |
| 2018-02-22 | CVE-2018-0206 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.5(1.13900.52) A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2018-02-08 | CVE-2018-0135 | Improper Input Validation vulnerability in Cisco Unified Communications Manager 11.0(1.24075.1) A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. | 4.3 |
| 2018-02-08 | CVE-2018-0120 | SQL Injection vulnerability in Cisco Unified Communications Manager 11.5(1.13900.52) A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. | 4.3 |
| 2018-01-18 | CVE-2018-0105 | Forced Browsing vulnerability in Cisco Unified Communications Manager A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. | 5.3 |
| 2018-01-11 | CVE-2018-0118 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2017-11-30 | CVE-2017-12357 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 5.4 |
| 2017-11-16 | CVE-2017-12337 | Improper Authentication vulnerability in Cisco products A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. | 9.8 |
| 2017-10-05 | CVE-2017-12258 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. | 6.1 |