Vulnerabilities > Cisco > Unified Communications Manager > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2013-07-18 | CVE-2013-3403 | Unspecified vulnerability in Cisco Unified Communications Manager | Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454. | 6.8 |
2013-07-18 | CVE-2013-3402 | Code Injection vulnerability in Cisco Unified Communications Manager | An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440. | 6.5 |
2013-06-26 | CVE-2013-3397 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Manager | Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified Serviceability actions, aka Bug ID CSCuh10298. | 6.8 |
2013-05-16 | CVE-2013-1188 | Improper Authentication vulnerability in Cisco Unified Communications Manager | Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515. | 5.0 |
2013-05-04 | CVE-2013-1240 | Improper Input Validation vulnerability in Cisco Unified Communications Manager | The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770. | 4.6 |
2012-05-03 | CVE-2012-0376 | Denial-Of-Service vulnerability in Cisco Unified Communications Manager 8.5 | The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after an upgrade, aka Bug ID CSCtj87367. | 5.0 |
2012-05-03 | CVE-2011-4019 | Resource Management Errors vulnerability in Cisco IOS and Unified Communications Manager | Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883. | 5.4 |
2012-03-01 | CVE-2011-4487 | SQL Injection vulnerability in Cisco products | SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538. | 6.8 |
2011-05-03 | CVE-2011-1610 | SQL Injection vulnerability in Cisco Unified Communications Manager | Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064. | 6.4 |
2011-05-03 | CVE-2011-1607 | Path Traversal vulnerability in Cisco Unified Communications Manager | Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603. | 6.5 |