CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2015-4206
https://notcve.org/view.php?id=CVE-2015-4206
Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266. Cisco Unified Communications Manager (UCM) 8.0 hasta la versión 8.6 permite a atacantes remotos eludir el mecanismo de protección XSS a través de un parámetro manipulado, también conocido como Bug ID CSCuu15266 • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151214-ucm http://www.securityfocus.com/bid/79196 http://www.securitytracker.com/id/1034430 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-7991
https://notcve.org/view.php?id=CVE-2014-7991
The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376. El subsistema de acceso remoto móvil en Cisco Unified Communications Manager (CM) 10.0(1) y anteriores no valida correctamente el campo 'Subject Alternative Name' (SAN) de un certificado X.509, lo que permite a atacantes man-in.the-middle engañar el núcleo de los dispositivos VCS a través de un certificado manipulado por una Autoridad Certificadora, también conocido como ID CSCuq86376. • http://secunia.com/advisories/62267 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7991 http://tools.cisco.com/security/center/viewAlert.x?alertId=36381 http://www.securityfocus.com/bid/71013 http://www.securitytracker.com/id/1031181 https://exchange.xforce.ibmcloud.com/vulnerabilities/98574 • CWE-310: Cryptographic Issues •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3332
https://notcve.org/view.php?id=CVE-2014-3332
Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029. Cisco Unified Communications Manager (CM) 8.6(.2) y anteriores tiene una configuración de restricciones CLI incorrecta, lo que permite a usuarios remotos autenticados establecer inicios de sesión concurrentes sin detección a través de vectores no especificados, también conocido como Bug ID CSCup98029. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3332 http://tools.cisco.com/security/center/viewAlert.x?alertId=35198 http://www.securityfocus.com/bid/69068 http://www.securitytracker.com/id/1030687 https://exchange.xforce.ibmcloud.com/vulnerabilities/95136 •
CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3280
https://notcve.org/view.php?id=CVE-2014-3280
The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecified Administration GUI web page, aka Bug IDs CSCun46045 and CSCun46116. El Framework web en VOSS en Cisco Unified Communications Domain Manager (CDM) 9.0(.1) y anteriores no implementa debidamente control de acceso, lo que permite a usuarios remotos autenticados obtener información de usuarios potencialmente sensible mediante la visita a una página web de la interfaz gráfica de usuario (GUI) de administración no especificada, también conocido como Bug IDs CSCun46045 y CSCun46116. • http://secunia.com/advisories/58400 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3280 http://tools.cisco.com/security/center/viewAlert.x?alertId=34379 http://www.securityfocus.com/bid/67661 http://www.securitytracker.com/id/1030306 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3282
https://notcve.org/view.php?id=CVE-2014-3282
The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive number-translation information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum76930. La interfaz gráfica de usuario (GUI) Administration en el Framework web en VOSS en Cisco Unified Communications Domain Manager (CDM) 9.0(.1) y anteriores no implementa debidamente control de acceso, lo que permite a usuarios remotos autenticados obtener información de traducción de número sensible mediante el aprovechamiento de privilegios Location Administrator y la entrada en una URL manipulada, también conocido como Bug ID CSCum76930. • http://secunia.com/advisories/58400 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3282 http://tools.cisco.com/security/center/viewAlert.x?alertId=34382 http://www.securityfocus.com/bid/67666 http://www.securitytracker.com/id/1030306 • CWE-264: Permissions, Privileges, and Access Controls •