
CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

SQL injection vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.1(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq46325.

• http://tools.cisco.com/security/center/viewAlert.x?alertId=39506
• http://www.securityfocus.com/bid/75400
• http://www.securitytracker.com/id/1032716
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497.

• http://secunia.com/advisories/62558
• http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8000
• http://tools.cisco.com/security/center/viewAlert.x?alertId=36467
• http://www.securityfocus.com/bid/71173
• http://www.securitytracker.com/id/1031240
• https://exchange.xforce.ibmcloud.com/vulnerabilities/98786
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 0

The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376.

• http://secunia.com/advisories/62267
• http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7991
• http://tools.cisco.com/security/center/viewAlert.x?alertId=36381
• http://www.securityfocus.com/bid/71013
• http://www.securitytracker.com/id/1031181
• https://exchange.xforce.ibmcloud.com/vulnerabilities/98574
• CWE-310: Cryptographic Issues

CVSS: 3.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443.

• http://secunia.com/advisories/59105
• http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3363
• http://tools.cisco.com/security/center/viewAlert.x?alertId=35672
• http://www.securityfocus.com/bid/69739
• http://www.securitytracker.com/id/1030836
• https://exchange.xforce.ibmcloud.com/vulnerabilities/95882
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 | EPSS: 0% | CPEs: 18 | EXPL: 0

The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468.

• http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0743
• http://tools.cisco.com/security/center/viewAlert.x?alertId=33044
• http://www.securitytracker.com/id/1029843
• CWE-287: Improper Authentication