Vulnerabilities > Cisco > Unity Connection > 12.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-02 | CVE-2019-1915 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 6.5 |
| 2019-10-02 | CVE-2019-12707 | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. | 4.3 |
| 2019-02-21 | CVE-2019-1685 | Cross-site Scripting vulnerability in Cisco Unity Connection 12.5 A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. | 6.1 |
| 2018-10-05 | CVE-2018-15396 | Resource Exhaustion vulnerability in Cisco Unity Connection 12.5 A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. | 4.0 |
| 2018-06-07 | CVE-2018-0354 | Cross-site Scripting vulnerability in Cisco Unity Connection 12.5 A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. | 4.3 |