NotCVE - vendor:"Cisco" product:"Emergency Responder" version:"10.5\(2\)"

9 results (0.004 seconds)

CVSS: 10.0EPSS: 94%CPEs: 398EXPL: 413

CVE-2021-44228 – Apache Log4j2 Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2021-44228

10 Dec 2021 — Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.... • https://packetstorm.news/files/id/171626 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption CWE-502: Deserialization of Untrusted Data CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •

CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0

CVE-2021-1226 – Cisco Unified Communications Products Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2021-1226

13 Jan 2021 — A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could explo... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-logging-6QSWKRYz • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-16025 – Cisco Emergency Responder Stored Cross-Site Scripting Vulnerability

https://notcve.org/view.php?id=CVE-2019-16025

23 Sep 2020 — A vulnerability in the web framework of Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to access a malicious link or by intercepting a user request for the affected web interface and inject... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-er-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 12EXPL: 0

CVE-2018-15403 – Multiple Cisco Unified Communications Products Open Redirect Vulnerability

https://notcve.org/view.php?id=CVE-2018-15403

05 Oct 2018 — A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that causes the web interface to redirect a request to a specific... • http://www.securitytracker.com/id/1041780 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 0

CVE-2017-6779

https://notcve.org/view.php?id=CVE-2017-6779

07 Jun 2018 — Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulner... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-6400

https://notcve.org/view.php?id=CVE-2015-6400

13 Dec 2015 — Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 10.5(1a) allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug ID CSCuv25547. Vulnerabilidad de XSS en Cisco Emergency Responder 10.5(1a) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de campos no especificados, también conocido como Bug ID CSCuv25547. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-cer • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-6405

https://notcve.org/view.php?id=CVE-2015-6405

13 Dec 2015 — Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv26501. Vulnerabilidad de CSRF en Cisco Emergency Responder 10.5(1) y 10.5(1a) permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios, también conocida como Bug ID CSCuv26501. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-cers • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-6406

https://notcve.org/view.php?id=CVE-2015-6406

13 Dec 2015 — Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781. Vulnerabilidad de salto de directorio en el Tools menu en Cisco Emergency Responder 10.5(1.10000.5) permite a usuarios remotos autenticados escribir en archivos arbitrarios a través de un nombre de archivo manipulado, también conocido como Bug ID CSCuv21781. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ert • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-6407

https://notcve.org/view.php?id=CVE-2015-6407

13 Dec 2015 — Cisco Emergency Responder 10.5(3.10000.9) allows remote attackers to upload files to arbitrary locations via a crafted parameter, aka Bug ID CSCuv25501. Cisco Emergency Responder 10.5(3.10000.9) permite a atacantes remotos subir archivos a ubicaciones arbitrarias a través de un parámetro manipulado, también conocido como Bug ID CSCuv25501. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-erw • CWE-20: Improper Input Validation •