CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3332
https://notcve.org/view.php?id=CVE-2014-3332
Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029. Cisco Unified Communications Manager (CM) 8.6(.2) y anteriores tiene una configuración de restricciones CLI incorrecta, lo que permite a usuarios remotos autenticados establecer inicios de sesión concurrentes sin detección a través de vectores no especificados, también conocido como Bug ID CSCup98029. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3332 http://tools.cisco.com/security/center/viewAlert.x?alertId=35198 http://www.securityfocus.com/bid/69068 http://www.securitytracker.com/id/1030687 https://exchange.xforce.ibmcloud.com/vulnerabilities/95136 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3317
https://notcve.org/view.php?id=CVE-2014-3317
Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314. Vulnerabilidad de salto de directorio en Multiple Analyzer en el componente Dialed Number Analyzer (DNA) en Cisco Unified Communications Manager 10.0(1) permite a usuarios remotos autenticados eliminar ficheros arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCup76314. • http://secunia.com/advisories/59727 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3317 http://tools.cisco.com/security/center/viewAlert.x?alertId=34898 http://www.securityfocus.com/bid/68481 http://www.securitytracker.com/id/1030554 https://exchange.xforce.ibmcloud.com/vulnerabilities/94435 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3319
https://notcve.org/view.php?id=CVE-2014-3319
Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676. Vulnerabilidad de salto de directorio en Real-Time Monitoring Tool (RTMT) en Cisco Unified Communications Manager (CM) 10.0(1) permite a usuarios remotos autenticados leer ficheros arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCup57676. • http://secunia.com/advisories/59734 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3319 http://tools.cisco.com/security/center/viewAlert.x?alertId=34909 http://www.securitytracker.com/id/1030554 https://exchange.xforce.ibmcloud.com/vulnerabilities/94436 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3318
https://notcve.org/view.php?id=CVE-2014-3318
Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318. Vulnerabilidad de salto de directorio en dna/viewfilecontents.do en el componente Dialed Number Analyzer (DNA) en Cisco Unified Communications Manager permite a usuarios remotos autenticados leer ficheros arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCup76318. • http://secunia.com/advisories/59728 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3318 http://tools.cisco.com/security/center/viewAlert.x?alertId=34897 http://www.securityfocus.com/bid/68482 http://www.securitytracker.com/id/1030554 https://exchange.xforce.ibmcloud.com/vulnerabilities/94433 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3315
https://notcve.org/view.php?id=CVE-2014-3315
Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308. Vulnerabilidad de XSS en viewfilecontents.do en el componente Dialed Number Analyzer (DNA) en Cisco Unified Communications Manager permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un parámetro no especificado, también conocido como Bug ID CSCup76308. • http://secunia.com/advisories/59739 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3315 http://tools.cisco.com/security/center/viewAlert.x?alertId=34900 http://www.securityfocus.com/bid/68477 https://exchange.xforce.ibmcloud.com/vulnerabilities/94430 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •