CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6440
https://notcve.org/view.php?id=CVE-2016-6440
27 Oct 2016 — The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. More Information: CSCuz64683 CSCuz64698. Known Affected Releases: 11.0(1.10000.10), 11.5(1.10000.6), 11.5(0.99838.4). Known Fixed Releases: 11.0(1.22048.1), 11.5(0.98000.1070), 11.5(0.98000.284)11.5(0.98000.346), 11.5(0.98000.768), 11.5(1.10000.3), 11.5(1.10000.6), 11.5(2.10000.2). El Cisco Unified Communications Manager (CUCM)... • http://www.securityfocus.com/bid/93521 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6364
https://notcve.org/view.php?id=CVE-2016-6364
23 Aug 2016 — The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified API calls, aka Bug ID CSCux67855. La implementación de la API User Data Services (UDS) en Cisco Unified Communications Manager 11.5 permite a atacantes remotos eludir las restricciones destinadas al acceso y obtener información sensible a través de llamadas a la API no especificadas, también conocido como ... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ucm • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •