Vulnerabilities > Cisco > Unity > 4.0.4

DATE CVE VULNERABILITY TITLE RISK
2008-10-13 CVE-2008-4545 Permissions, Privileges, and Access Controls vulnerability in Cisco Unity
Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8 uses weak permissions for the D:\CommServer\Reports directory, which allows remote authenticated users to obtain sensitive information by reading files in this directory.
network
low complexity
cisco CWE-264
4.0
4.0
2008-10-13 CVE-2008-4543 Resource Management Errors vulnerability in Cisco Unity
Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to cause a denial of service (session exhaustion) via a large number of connections.
network
cisco CWE-399
7.1
7.1
2008-10-13 CVE-2008-4542 Cross-Site Scripting vulnerability in Cisco Unity
Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before 4.2(1)ES162, 5.x before 5.0(1)ES56, and 7.x before 7.0(2)ES8 allows remote authenticated administrators to inject arbitrary web script or HTML by entering it in the database (aka data store).
network
cisco CWE-79
3.5
3.5
2008-10-08 CVE-2008-3814 Improper Authentication vulnerability in Cisco Unity
Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once.
network
cisco CWE-287
5.8
5.8