CVE-2018-0124
https://notcve.org/view.php?id=CVE-2018-0124
A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. The vulnerability is due to insecure key generation during application configuration. An attacker could exploit this vulnerability by using a known insecure key value to bypass security protections by sending arbitrary requests using the insecure key to a targeted application. An exploit could allow the attacker to execute arbitrary code. This vulnerability affects Cisco Unified Communications Domain Manager releases prior to 11.5(2). • http://www.securityfocus.com/bid/103114 http://www.securitytracker.com/id/1040405 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucdm • CWE-320: Key Management Errors •
CVE-2017-12302
https://notcve.org/view.php?id=CVE-2017-12302
A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The vulnerability is due to a lack of input validation on user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected system. An exploit could allow the attacker to determine the presence of certain values in the database. Cisco Bug IDs: CSCvf36682. • http://www.securityfocus.com/bid/101853 http://www.securitytracker.com/id/1039826 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ucm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2015-6422
https://notcve.org/view.php?id=CVE-2015-6422
The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed requests, aka Bug ID CSCuu10981. La aplicación auto servicio en Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) permite a usuarios remotos autenticados causar una denegación de servicio (interrupción de la sub aplicación) a través de peticiones mal formadas, también conocida como Bug ID CSCuu10981. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-ucdm http://www.securityfocus.com/bid/79032 http://www.securitytracker.com/id/1034407 • CWE-399: Resource Management Errors •