Vulnerabilities > Cisco > Unity Connection
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-21 | CVE-2019-1685 | Cross-site Scripting vulnerability in Cisco Unity Connection 12.5 A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. | 6.1 |
| 2018-10-05 | CVE-2018-15426 | Cross-site Scripting vulnerability in Cisco Unity Connection Vmo11.5(1) A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. | 3.5 |
| 2018-10-05 | CVE-2018-15403 | Open Redirect vulnerability in Cisco products A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. | 4.9 |
| 2018-10-05 | CVE-2018-15396 | Resource Exhaustion vulnerability in Cisco Unity Connection 12.5 A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. | 4.0 |
| 2018-06-07 | CVE-2018-0354 | Cross-site Scripting vulnerability in Cisco Unity Connection 12.5 A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. | 4.3 |
| 2018-06-07 | CVE-2017-6779 | Resource Exhaustion vulnerability in Cisco products Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. | 7.8 |
| 2018-02-22 | CVE-2018-0203 | Unspecified vulnerability in Cisco Unity Connection A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email messages, aka a Mail Relay Vulnerability. | 5.0 |
| 2017-11-16 | CVE-2017-12337 | Improper Authentication vulnerability in Cisco products A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. | 10.0 |
| 2017-09-07 | CVE-2017-12212 | Cross-site Scripting vulnerability in Cisco Unity Connection 10.5(2) A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 4.3 |
| 2017-05-03 | CVE-2017-6629 | Path Traversal vulnerability in Cisco Unity Connection 10.5(2) A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. | 5.0 |