CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2184
https://notcve.org/view.php?id=CVE-2014-2184
The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352. El componente IP Manager Assistant (IPMA) en Cisco Unified Communications Manager (Unified CM) permite a atacantes remotos obtener información sensible a través de una URL manipulada, también conocido como Bug ID CSCun74352. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2184 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2104
https://notcve.org/view.php?id=CVE-2014-2104
Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCum78536, CSCum78526, CSCum69809, and CSCum63113. Múltiples vulnerabilidades de XSS en la página Business Voice Services Manager (BVSM) en Cisco Unified Communications Domain Manager 9.0(.1) permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de parámetros no especificados, también conocido como Bug IDs CSCum78536, CSCum78526, CSCum69809 y CSCum63113. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2104 http://tools.cisco.com/security/center/viewAlert.x?alertId=33111 http://www.securityfocus.com/bid/65869 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 18EXPL: 0CVE-2014-0743
https://notcve.org/view.php?id=CVE-2014-0743
The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468. El componente Certificate Authority Proxy Function (CAPF) en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a atacantes remotos evadir autenticación y modificar información de dispositivo registrado a través de datos manipulados, también conocido como Bug ID CSCum95468. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0743 http://tools.cisco.com/security/center/viewAlert.x?alertId=33044 http://www.securitytracker.com/id/1029843 • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: 18EXPL: 0CVE-2014-0740
https://notcve.org/view.php?id=CVE-2014-0740
Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701. Vulnerabilidad de CSRF en la interfaz Call Detail Records Analysis and Reporting (CAR) en el componente OS Administration en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a atacantes remotos secuestrar la autenticación de administradores para solicitudes que realizan cambios administrativos, también conocido como Bug ID CSCun00701. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0740 http://tools.cisco.com/security/center/viewAlert.x?alertId=33049 http://www.securitytracker.com/id/1029843 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.2EPSS: 0%CPEs: 18EXPL: 0CVE-2014-0741
https://notcve.org/view.php?id=CVE-2014-0741
The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461. La funcionalidad certificate-import en la implementación Certificate Authority Proxy Function (CAPF) CLI en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a usuarios locales leer o modificar archivos arbitrarios a través de un comando manipulado, también conocido como Bug ID CSCum95461. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0741 http://tools.cisco.com/security/center/viewAlert.x?alertId=33046 http://www.securitytracker.com/id/1029843 • CWE-310: Cryptographic Issues •