Vulnerabilities > Cisco > Unified Communications Manager > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-27 | CVE-2016-6440 | Improper Input Validation vulnerability in Cisco Unified Communications Manager 11.5(0.99838.4) The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. | 6.5 |
| 2016-01-08 | CVE-2015-6433 | SQL Injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767. | 6.5 |