Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2014-04-29	CVE-2014-2184	Improper Input Validation vulnerability in Cisco Unified Communications Manager The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352. network low complexity cisco CWE-20	5.0
2014-02-27	CVE-2014-0747	Improper Input Validation vulnerability in Cisco Unified Communications Manager The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493. local low complexity cisco CWE-20	6.8
2014-02-27	CVE-2014-0743	Improper Authentication vulnerability in Cisco Unified Communications Manager The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468. network low complexity cisco CWE-287	5.0
2014-02-27	CVE-2014-0742	Improper Input Validation vulnerability in Cisco Unified Communications Manager The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464. local low complexity cisco CWE-20	6.2
2014-02-27	CVE-2014-0741	Cryptographic Issues vulnerability in Cisco Unified Communications Manager The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461. local low complexity cisco CWE-310	6.2
2014-02-27	CVE-2014-0740	Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Manager Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701. network cisco CWE-352	6.8
2014-02-22	CVE-2014-0731	Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Manager The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497. network low complexity cisco CWE-264	5.0
2014-02-20	CVE-2014-0733	Improper Authentication vulnerability in Cisco Unified Communications Manager The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494. network low complexity cisco CWE-287	5.0
2014-02-20	CVE-2014-0736	Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Manager Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468. network cisco CWE-352	6.8
2014-02-20	CVE-2014-0735	Cross-Site Scripting vulnerability in Cisco Unified Communications Manager Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470. network cisco CWE-79	4.3