CVSS: 7.1EPSS: 2%CPEs: 14EXPL: 0CVE-2008-4543
https://notcve.org/view.php?id=CVE-2008-4543
Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to cause a denial of service (session exhaustion) via a large number of connections. Cisco Unity v4.x anteriores a v4.2(1)ES161, 5.x anteriores a v5.0(1)ES53, y v7.x anteriores a v7.0(2)ES8, cuando utilizan autentificación anónima (también conocida como autenticación nativa Unity), permite a atacantes remotos provocar una denegación de servicio (agotamiento de sesión) a través de un gran número de conexiones. • http://secunia.com/advisories/32187 http://securitytracker.com/id?1021013 http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html http://www.securityfocus.com/bid/31642 http://www.voipshield.com/research-details.php?id=128 http://www.vupen.com/english/advisories/2008/2771 https://exchange.xforce.ibmcloud.com/vulnerabilities/45743 • CWE-399: Resource Management Errors •
CVSS: 3.5EPSS: 0%CPEs: 14EXPL: 0CVE-2008-4542
https://notcve.org/view.php?id=CVE-2008-4542
Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before 4.2(1)ES162, 5.x before 5.0(1)ES56, and 7.x before 7.0(2)ES8 allows remote authenticated administrators to inject arbitrary web script or HTML by entering it in the database (aka data store). Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Cisco Unity 4.x anteriores a v4.2(1)ES162, 5.x anteriores a v5.0(1)ES56, y 7.x anteriores a v7.0(2)ES8, que permite a los administradores autenticados remotos inyectar una secuencia de comandos web o HTML arbitrarios metiéndolos en la base de datos (también conocida como almacén de datos). • http://secunia.com/advisories/32207 http://securitytracker.com/id?1021012 http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html http://www.securityfocus.com/bid/31642 http://www.voipshield.com/research-details.php?id=127 http://www.vupen.com/english/advisories/2008/2771 https://exchange.xforce.ibmcloud.com/vulnerabilities/45744 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 14EXPL: 0CVE-2008-4545
https://notcve.org/view.php?id=CVE-2008-4545
Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8 uses weak permissions for the D:\CommServer\Reports directory, which allows remote authenticated users to obtain sensitive information by reading files in this directory. Cisco Unity v4.x anteriores a v4.2(1)ES161, v5.x anteriores a v5.0(1)ES53, and v7.x anteriores a v7.0(2)ES8 usa permisos débiles para el directorio D:\CommServer\Reports directory, lo que permite a usuarios remotos autentificados conseguir información sensible, leyendo ficheros en este directorio. • http://secunia.com/advisories/32187 http://securitytracker.com/id?1021022 http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html http://www.securityfocus.com/bid/31642 http://www.voipshield.com/research-details.php?id=130 http://www.vupen.com/english/advisories/2008/2771 https://exchange.xforce.ibmcloud.com/vulnerabilities/45742 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.8EPSS: 0%CPEs: 14EXPL: 0CVE-2008-3814
https://notcve.org/view.php?id=CVE-2008-3814
Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once. Una vulnerabilidad no especificada en Unity de Cisco versiones 4.x anteriores a 4.2 (1) ES161, versiones 5.x anteriores a 5.0 (1) ES53 y versiones 7.x anteriores 7.0 (2) ES8, cuando utiliza autenticación anónima (también conocida como autenticación Unity nativa), permite a los atacantes remotos omitir la autenticación y leer o modificar los parámetros de configuración del sistema yendo hacia un enlace específico más de una vez. • http://secunia.com/advisories/32187 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0d85f.shtml http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html http://www.securityfocus.com/bid/31638 http://www.securityfocus.com/bid/31642 http://www.securitytracker.com/id?1021011 http://www.voipshield.com/research-details.php?id=126 http://www.vupen.com/english/advisories/2008/2771 https://exchange.xforce.ibmcloud.com/vulnerabilities/45741 • CWE-287: Improper Authentication •