CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9210
https://notcve.org/view.php?id=CVE-2016-9210
A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. More Information: CSCvb61698. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.168) 12.0(0.98000.178) 12.0(0.98000.399) 12.0(0.98000.510) 12.0(0.98000.536) 12.0(0.98500.7). Una vulnerabilidad en la herramienta de subida Cisco Unified Reporting accediendo a través Cisco Unified Communications Manager podría permitir a un atacante remoto no autenticado modificar archivos arbitrarios en el sistema de archivos. • http://www.securityfocus.com/bid/94798 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cur • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9206
https://notcve.org/view.php?id=CVE-2016-9206
A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvb64641. Known Affected Releases: 11.5(1.10000.6) 11.5(1.11007.2). Known Fixed Releases: 11.5(1.12900.7) 11.5(1.12900.8) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.468) 12.0(0.98000.536) 12.0(0.98500.6). Una vulnerabilidad en la página ccmadmin de Cisco Unified Communications Manager (CUCM) podría permitir a un atacante remoto no autenticado llevar a cabo ataques de XSS. • http://www.securityfocus.com/bid/94793 http://www.securitytracker.com/id/1037424 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cucm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6472
https://notcve.org/view.php?id=CVE-2016-6472
A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) attack against a user of the web interface on the affected system. More Information: CSCvb37121. Known Affected Releases: 11.5(1.2). Known Fixed Releases: 11.5(1.11950.96) 11.5(1.12900.2) 12.0(0.98000.133) 12.0(0.98000.313) 12.0(0.98000.404). Una vulnerabilidad en varios parámetros de la página ccmivr de Cisco Unified Communication Manager (CallManager) podrían permitir a un atacante remoto no autenticado lanzar un ataque de XSS contra un usuario de la interfaz web en el sistema afectado. • http://www.securityfocus.com/bid/94364 http://www.securitytracker.com/id/1037305 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-ucm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6440
https://notcve.org/view.php?id=CVE-2016-6440
The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. More Information: CSCuz64683 CSCuz64698. Known Affected Releases: 11.0(1.10000.10), 11.5(1.10000.6), 11.5(0.99838.4). Known Fixed Releases: 11.0(1.22048.1), 11.5(0.98000.1070), 11.5(0.98000.284)11.5(0.98000.346), 11.5(0.98000.768), 11.5(1.10000.3), 11.5(1.10000.6), 11.5(2.10000.2). El Cisco Unified Communications Manager (CUCM) puede ser vulnerable a los datos que se pueden mostrar dentro de un marco en una página web, lo que a su vez puede llevar a un ataque de clickjacking. • http://www.securityfocus.com/bid/93521 http://www.securitytracker.com/id/1037005 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-ucm • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6364
https://notcve.org/view.php?id=CVE-2016-6364
The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified API calls, aka Bug ID CSCux67855. La implementación de la API User Data Services (UDS) en Cisco Unified Communications Manager 11.5 permite a atacantes remotos eludir las restricciones destinadas al acceso y obtener información sensible a través de llamadas a la API no especificadas, también conocido como Bug ID CSCux67855. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ucm http://www.securityfocus.com/bid/92517 http://www.securitytracker.com/id/1036650 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •