CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3877
https://notcve.org/view.php?id=CVE-2017-3877
A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface of the affected software. More Information: CSCvb70021. Known Affected Releases: 11.5(1.11007.2). Una vulnerabilidad en el marco web de Cisco Unified Communications Manager (CallManager) podría permitir que un atacante remoto no autenticado lleve a cabo un ataque de falsificación de solicitud entre sitios (CSRF) contra un usuario de la interfaz web del software afectado. Más información: CSCvb70021. • http://www.securityfocus.com/bid/96915 http://www.securitytracker.com/id/1038038 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm2 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3833
https://notcve.org/view.php?id=CVE-2017-3833
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. More Information: CSCvb95951. Known Affected Releases: 12.0(0.99999.2). Known Fixed Releases: 11.0(1.23064.1) 11.5(1.12031.1) 11.5(1.12900.21) 11.5(1.12900.7) 11.5(1.12900.8) 11.6(1.10000.4) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.367) 12.0(0.98000.468) 12.0(0.98000.469) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6). Una vulnerabilidad en el marco web de Cisco Unified Communications Manager podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de XSS contra un usuario de la interfaz web del software afectado. • http://www.securityfocus.com/bid/96246 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ucm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3836
https://notcve.org/view.php?id=CVE-2017-3836
A vulnerability in the web framework Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. More Information: CSCvb61689. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.162) 12.0(0.98000.178) 12.0(0.98000.383) 12.0(0.98000.488) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6). Una vulnerabilidad en el marco web Cisco Unified Communications Manager podría permitir a un atacante remoto no autenticado visualizar datos sensibles. • http://www.securityfocus.com/bid/96251 http://www.securitytracker.com/id/1037840 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-3828
https://notcve.org/view.php?id=CVE-2017-3828
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvb98777. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.0(1.23063.1) 11.5(1.12029.1) 11.5(1.12900.11) 11.5(1.12900.21) 11.6(1.10000.4) 12.0(0.98000.156) 12.0(0.98000.178) 12.0(0.98000.369) 12.0(0.98000.470) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6). Una vulnerabilidad en la interfaz de gestión basada en web de Cisco Unified Communications Manager Switches podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de XSS contra un usuario de la interfaz de gestión basada en web de un dispositivo afectado. • http://www.securityfocus.com/bid/96240 http://www.securitytracker.com/id/1037839 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-3829
https://notcve.org/view.php?id=CVE-2017-3829
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc30999. Known Affected Releases: 12.0(0.98000.280). Known Fixed Releases: 11.0(1.23900.3) 12.0(0.98000.180) 12.0(0.98000.422) 12.0(0.98000.541) 12.0(0.98000.6). Una vulnerabilidad en la interfaz de gestión basada en web de Cisco Unified Communications Manager Switches podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de XSS contra un usuario de la interfaz de gestión basada en web de un dispositivo afectado. • http://www.securityfocus.com/bid/96250 http://www.securitytracker.com/id/1037839 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •