Vulnerabilities > Cisco > Unity Connection > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-08-11 CVE-2014-3336 SQL Injection vulnerability in Cisco Unity Connection 9.1(1)/9.1(2)
SQL injection vulnerability in the web framework in Cisco Unity Connection 9.1(2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted request, aka Bug ID CSCuq31016.
network
low complexity
cisco CWE-89
6.5
6.5
2014-04-05 CVE-2014-2145 Path Traversal vulnerability in Cisco Unity Connection
Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitrary files via vectors related to unenforced access constraints for .wav files and the audio/x-wav MIME type, aka Bug ID CSCun91071.
network
low complexity
cisco CWE-22
4.0
4.0
2014-04-02 CVE-2014-2125 Cross-Site Scripting vulnerability in Cisco Unity Connection 8.6/8.6(1A)/8.6(2A)
Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028.
network
cisco CWE-79
4.3
4.3
2014-01-10 CVE-2014-0664 Resource Management Errors vulnerability in Cisco Unity Connection
The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service (CPU consumption) via unspecified IMAP commands, aka Bug ID CSCul49976.
network
low complexity
cisco CWE-399
6.8
6.8
2013-10-19 CVE-2013-5534 Path Traversal vulnerability in Cisco Unity Connection
Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for a file that is not a valid audio file, aka Bug ID CSCuj22948.
network
low complexity
cisco CWE-22
4.0
4.0
2013-02-19 CVE-2013-1129 Resource Management Errors vulnerability in Cisco Unity Connection
Memory leak in Cisco Unity Connection 9.x allows remote attackers to cause a denial of service (memory consumption and process crash) by sending many TCP requests, aka Bug ID CSCud59736.
network
low complexity
cisco CWE-399
5.0
5.0
2012-09-16 CVE-2012-3096 Denial-Of-Service vulnerability in Cisco Unity Connection 7.1/8.0/8.5
Cisco Unity Connection (UC) 7.1, 8.0, and 8.5 allows remote authenticated users to cause a denial of service (resource consumption and administration outage) via extended use of the product, aka Bug ID CSCtd79132.
network
low complexity
cisco
4.0
4.0