CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3316
https://notcve.org/view.php?id=CVE-2014-3316
The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297. Multiple Analyzer en el componente Dialed Number Analyzer (DNA) en Cisco Unified Communications Manager permite a usuarios remotos autenticados evadir las restricciones de subida a través de un parámetro manipulado, también conocido como Bug ID CSCup76297. • http://secunia.com/advisories/59730 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3316 http://tools.cisco.com/security/center/viewAlert.x?alertId=34899 http://www.securityfocus.com/bid/68479 http://www.securitytracker.com/id/1030554 https://exchange.xforce.ibmcloud.com/vulnerabilities/94429 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3315
https://notcve.org/view.php?id=CVE-2014-3315
Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308. Vulnerabilidad de XSS en viewfilecontents.do en el componente Dialed Number Analyzer (DNA) en Cisco Unified Communications Manager permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un parámetro no especificado, también conocido como Bug ID CSCup76308. • http://secunia.com/advisories/59739 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3315 http://tools.cisco.com/security/center/viewAlert.x?alertId=34900 http://www.securityfocus.com/bid/68477 https://exchange.xforce.ibmcloud.com/vulnerabilities/94430 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2197
https://notcve.org/view.php?id=CVE-2014-2197
The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862. La interfaz gráfica de usuario (GUI) Administration en el Framework web en Cisco Unified Communications Domain Manager (CDM) en Unified CDM Application Software anterior a 8.1.4 no implementa debidamente el control de acceso, lo que permite a usuarios remotos autenticados modificar las credenciales administrativas a través de una URL manipulada, también conocido como Bug ID CSCun49862. • http://secunia.com/advisories/59573 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689 http://www.securityfocus.com/bid/68333 http://www.securitytracker.com/id/1030515 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2014-2198
https://notcve.org/view.php?id=CVE-2014-2198
Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the support and root accounts by extracting this key from a binary file found in a different installation of the product, aka Bug ID CSCud41130. Cisco Unified Communications Domain Manager (CDM) en Unified CDM Platform Software anterior a 4.4.2 tiene una clave privada SSH embebida, lo que facilita a atacantes remotos obtener acceso a las cuentas de soporte y root mediante la extracción de esta clave de un fichero binario que se encuentra en una instalación diferente del producto, también conocido como Bug ID CSCud41130. • http://secunia.com/advisories/59544 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689 http://www.securityfocus.com/bid/68334 http://www.securitytracker.com/id/1030515 • CWE-255: Credentials Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2014-3300 – Viproy CUCDM IP Phone XML Services Call Forwarding Tool
https://notcve.org/view.php?id=CVE-2014-3300
The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows remote attackers to modify user information via a crafted URL, aka Bug ID CSCum77041. El portal BVSMWeb en el Framework web en Cisco Unified Communications Domain Manager (CDM) en Unified CDM Application Software anterior a 10 no implementa debidamente el control de acceso, lo que facilita a atacantes remotos modificar información de usuario a través de una URL manipulada, también conocido como Bug ID CSCum77041. • http://secunia.com/advisories/59556 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689 http://www.securityfocus.com/bid/68331 http://www.securitytracker.com/id/1030515 - • CWE-264: Permissions, Privileges, and Access Controls •