NotCVE - vendor:"Cisco" product:"Unified Communications Domain Manager" version:"10.5\(2.10000.5\)"

3 results (0.002 seconds)

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0

CVE-2018-0124

https://notcve.org/view.php?id=CVE-2018-0124

22 Feb 2018 — A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. The vulnerability is due to insecure key generation during application configuration. An attacker could exploit this vulnerability by using a known insecure key value to bypass security protections by sending arbitrary requests using the insecure key to a targeted application. An exploit could allow the attacker t... • http://www.securityfocus.com/bid/103114 • CWE-320: Key Management Errors •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2017-12302

https://notcve.org/view.php?id=CVE-2017-12302

16 Nov 2017 — A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The vulnerability is due to a lack of input validation on user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected system. An exploit could allow the attacker to determine the presen... • http://www.securityfocus.com/bid/101853 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-0699

https://notcve.org/view.php?id=CVE-2015-0699

15 Apr 2015 — SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563. Vulnerabilidad de inyección SQL en el componente Interactive Voice Response (IVR) en Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados, también conocido co... • http://tools.cisco.com/security/center/viewAlert.x?alertId=38366 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •