Page 5 of 62 results (0.010 seconds)

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266. Cisco Unified Communications Manager (UCM) 8.0 hasta la versión 8.6 permite a atacantes remotos eludir el mecanismo de protección XSS a través de un parámetro manipulado, también conocido como Bug ID CSCuu15266 • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151214-ucm http://www.securityfocus.com/bid/79196 http://www.securitytracker.com/id/1034430 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376. El subsistema de acceso remoto móvil en Cisco Unified Communications Manager (CM) 10.0(1) y anteriores no valida correctamente el campo 'Subject Alternative Name' (SAN) de un certificado X.509, lo que permite a atacantes man-in.the-middle engañar el núcleo de los dispositivos VCS a través de un certificado manipulado por una Autoridad Certificadora, también conocido como ID CSCuq86376. • http://secunia.com/advisories/62267 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7991 http://tools.cisco.com/security/center/viewAlert.x?alertId=36381 http://www.securityfocus.com/bid/71013 http://www.securitytracker.com/id/1031181 https://exchange.xforce.ibmcloud.com/vulnerabilities/98574 • CWE-310: Cryptographic Issues •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029. Cisco Unified Communications Manager (CM) 8.6(.2) y anteriores tiene una configuración de restricciones CLI incorrecta, lo que permite a usuarios remotos autenticados establecer inicios de sesión concurrentes sin detección a través de vectores no especificados, también conocido como Bug ID CSCup98029. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3332 http://tools.cisco.com/security/center/viewAlert.x?alertId=35198 http://www.securityfocus.com/bid/69068 http://www.securitytracker.com/id/1030687 https://exchange.xforce.ibmcloud.com/vulnerabilities/95136 •

CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0

The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecified Administration GUI web page, aka Bug IDs CSCun46045 and CSCun46116. El Framework web en VOSS en Cisco Unified Communications Domain Manager (CDM) 9.0(.1) y anteriores no implementa debidamente control de acceso, lo que permite a usuarios remotos autenticados obtener información de usuarios potencialmente sensible mediante la visita a una página web de la interfaz gráfica de usuario (GUI) de administración no especificada, también conocido como Bug IDs CSCun46045 y CSCun46116. • http://secunia.com/advisories/58400 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3280 http://tools.cisco.com/security/center/viewAlert.x?alertId=34379 http://www.securityfocus.com/bid/67661 http://www.securitytracker.com/id/1030306 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0

The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and CSCun39643. La interfaz gráfica de usuario (GUI) Administration en el Framewrok web en VOSS en Cisco Unified Communications Domain Manager (CDM) 9.0(.1) y anteriores no implementa debidamente control de acceso, lo que permite a atacantes remotos enumerar nombres de cuentas a través de una URL manipulada, también conocido como Bug IDs CSCun39631 y CSCun39643. • http://secunia.com/advisories/58400 http://secunia.com/advisories/58657 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3279 http://tools.cisco.com/security/center/viewAlert.x?alertId=34381 http://www.securityfocus.com/bid/67663 http://www.securitytracker.com/id/1030306 • CWE-264: Permissions, Privileges, and Access Controls •