Vulnerabilities > Cisco > Unity Connection > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-02-09 | CVE-2016-1319 | Information Exposure vulnerability in Cisco products Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958. | 5.0 |
| 2016-02-06 | CVE-2016-1310 | Cross-site Scripting vulnerability in Cisco Unity Connection 11.5(0.199) Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 11.5(0.199) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy09033. | 4.3 |
| 2016-01-30 | CVE-2016-1304 | Cross-site Scripting vulnerability in Cisco Unity Connection 10.5(2.3009) Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596. | 4.3 |
| 2016-01-27 | CVE-2016-1300 | Cross-site Scripting vulnerability in Cisco Unity Connection 10.5(2.3009) Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582. | 4.3 |
| 2015-12-12 | CVE-2015-6408 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578. | 6.8 |
| 2015-12-03 | CVE-2015-6390 | Cross-site Scripting vulnerability in Cisco Unity Connection 9.1(1.10) Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unity Connection 9.1(1.10) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCup92741. | 4.3 |
| 2015-09-20 | CVE-2015-6299 | SQL Injection vulnerability in Cisco Unity Connection 9.1(1)/9.1(2) SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug ID CSCuv63824. | 6.5 |
| 2015-05-07 | CVE-2015-0716 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unity Connection 11.0(0.98000.225)/11.0(0.98000.332) Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659. | 6.8 |
| 2015-05-07 | CVE-2015-0715 | SQL Injection vulnerability in Cisco Unity Connection 11.0(0.98000.225) SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCut33447 and CSCut33608. | 6.5 |
| 2014-11-07 | CVE-2014-7988 | Information Exposure vulnerability in Cisco Unity Connection The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and earlier allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCur06493. | 4.0 |