CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2017-6654
https://notcve.org/view.php?id=CVE-2017-6654
22 May 2017 — A vulnerability in the web-based management interface of Cisco Unified Communications Manager 10.5 through 11.5 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a... • http://www.securityfocus.com/bid/98527 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2017-3808
https://notcve.org/view.php?id=CVE-2017-3808
20 Apr 2017 — A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The d... • http://www.securityfocus.com/bid/97922 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-3872
https://notcve.org/view.php?id=CVE-2017-3872
17 Mar 2017 — A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device. More Information: CSCvc21620. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.641) 12.0(0.98000.500) 12.0(0.98000.219). Una vulnerabilidad de desviación del filtro XSS en la interfaz de administración basada en web de Cisco Unified Communi... • http://www.securityfocus.com/bid/96916 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3821
https://notcve.org/view.php?id=CVE-2017-3821
22 Feb 2017 — A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvc49348. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.209) 12.0(0.98000.478) 12.0(0.98000.609). Una vulnerabilidad en la página de servicio de Cisco Unified Communications Manager podría permitir a un atacante remoto no autenticado llevar a cabo ataques de XSS reflejados... • http://www.securityfocus.com/bid/96241 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6425
https://notcve.org/view.php?id=CVE-2015-6425
16 Dec 2015 — The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786. El subsistema WebApplications Identity Management en Cisco Unified Communications Manager 10.5(0.98000.88) permite a atacantes remotos causar una denegación de servicio (interrupción del subsistema) a través de sesiones token inválidas, también conocido como Bug ID CSCul83786. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151215-ucmim • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4295
https://notcve.org/view.php?id=CVE-2015-4295
01 Aug 2015 — The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819. Vulnerabilidad en el componente Prime Collaboration Deployment en Cisco Unified Communications Manager 10.5(3.10000.9), permite a usuarios remotos autenticados descubrir los credenciales de root a través de una petición directa a una URL no especificada, también conocida como Bug ... • http://tools.cisco.com/security/center/viewAlert.x?alertId=40223 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4272
https://notcve.org/view.php?id=CVE-2015-4272
14 Jul 2015 — Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCut19580. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) múltiple en la página ccmivr en el gestor de comunicaciones unificado de Cisco (anteriormente el gestor de llamadas) 10.5 (2.10000.5) que permite a atacantes remotos inyectar secuencias ... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39905 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4269
https://notcve.org/view.php?id=CVE-2015-4269
14 Jul 2015 — The Tomcat throttling feature in Cisco Unified Communications Manager 10.5(1.99995.9) allows remote authenticated users to cause a denial of service (management outage) by sending many requests, aka Bug ID CSCuu99709. El componente de regulación de Tomcat en el gestor de comunicaciones unificado de Cisco 10.5 (1.99995.9) permite a usuarios remotos autenticados llevar a cabo una denegación de servicio (corte de gestión) por medio del envío de muchas peticiones, también conocido como Bug ID CSCuu99709. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39877 • CWE-399: Resource Management Errors •