CVSS: 6.8EPSS: 0%CPEs: 18EXPL: 0CVE-2014-0747
https://notcve.org/view.php?id=CVE-2014-0747
The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493. La implementación Certificate Authority Proxy Function (CAPF) CLI en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a usuarios locales inyectar comandos a través de programas CAPF no especificados, también conocido como Bug ID CSCum95493. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0747 http://tools.cisco.com/security/center/viewAlert.x?alertId=33048 http://www.securitytracker.com/id/1029843 • CWE-20: Improper Input Validation •
CVSS: 6.2EPSS: 0%CPEs: 18EXPL: 0CVE-2014-0742
https://notcve.org/view.php?id=CVE-2014-0742
The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464. La implementación Certificate Authority Proxy Function (CAPF) CLI en la funcionalidad de gestión CSR en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a usuarios locales leer o modificar archivos arbitrarios a través de vectores no especificados, también conocido como Bug ID CSCum95464. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0742 http://tools.cisco.com/security/center/viewAlert.x?alertId=33045 http://www.securitytracker.com/id/1029843 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 18EXPL: 0CVE-2014-0731
https://notcve.org/view.php?id=CVE-2014-0731
The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497. La administración del interfaz en Cisco Unified Communications Manager (Unified CM) 10.0(1) y versiones anteriores permite a atacantes remotos eludir la autenticación y leer archivos Java class a través de una petición directa, vulnerabilidad también conocida como Bug ID CSCum46497. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0731 http://tools.cisco.com/security/center/viewAlert.x?alertId=32915 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 18EXPL: 0CVE-2014-0733
https://notcve.org/view.php?id=CVE-2014-0733
The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494. El componente Enterprise License Manager (ELM) en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores no fuerza debidamente los requisitos de autenticación, lo que permite a atacantes remotos leer archivos ELM a través de una solicitud directa hacia una URL, también conocido como Bug ID CSCum46494. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0733 http://tools.cisco.com/security/center/viewAlert.x?alertId=32914 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2014-0735
https://notcve.org/view.php?id=CVE-2014-0735
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470. Vulnerabilidad de XSS en la interfaz IP Manager Assistant (IPMA) en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCum46470. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0735 http://tools.cisco.com/security/center/viewAlert.x?alertId=32912 http://www.securityfocus.com/bid/65641 http://www.securitytracker.com/id/1029793 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •