Vulnerabilities > Cisco > Unified Presence Server > 7.0.3

DATE CVE VULNERABILITY TITLE RISK
2011-08-29 CVE-2011-1643 Information Exposure vulnerability in Cisco products
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833.
network
low complexity
cisco CWE-200
critical
 10.0
10
2010-08-26 CVE-2010-2840 Improper Input Validation vulnerability in Cisco Unified Presence Server
The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629.
network
low complexity
cisco CWE-20
7.8
7.8
2010-08-26 CVE-2010-2839 Resource Management Errors vulnerability in Cisco Unified Presence Server
SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) allows remote attackers to cause a denial of service (stack memory corruption and process failure) via a malformed SIP message, aka Bug ID CSCtd14474.
network
low complexity
cisco CWE-399
7.8
7.8
2009-10-16 CVE-2009-2874 Denial of Service vulnerability in Cisco Unified Presence TimesTenD Process
The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows remote attackers to cause a denial of service (process crash) via a large number of TCP connections to ports 16200 and 22794, aka Bug ID CSCsy17662.
network
low complexity
cisco
7.8
7.8