U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:cisco:unified_communications_manager:8.6\(1a\):*:*:*:*:*:*:*
  • CPE Name Search: true
There are 77 matching records.
Displaying matches 41 through 60.
Vuln ID Summary CVSS Severity
CVE-2014-0729

SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302.

Published: February 13, 2014; 12:24:51 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-0728

SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313.

Published: February 13, 2014; 12:24:51 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-0727

SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318.

Published: February 13, 2014; 12:24:51 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-0726

SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326.

Published: February 13, 2014; 12:24:51 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-0725

Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337.

Published: February 13, 2014; 12:24:51 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-0724

The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340.

Published: February 13, 2014; 12:24:51 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2014-0723

Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343.

Published: February 13, 2014; 12:24:51 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-0722

The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347.

Published: February 13, 2014; 12:24:51 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-0686

Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908.

Published: February 04, 2014; 12:39:08 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 6.0 MEDIUM
CVE-2014-0657

The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540.

Published: January 08, 2014; 4:55:06 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2013-6978

The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249.

Published: December 21, 2013; 9:22:57 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2013-7030

The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue

Published: December 12, 2013; 12:55:03 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2013-6689

Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229.

Published: November 17, 2013; 10:55:06 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2013-6688

Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222.

Published: November 17, 2013; 10:55:06 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 6.3 MEDIUM
CVE-2013-5555

Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349.

Published: October 31, 2013; 10:55:05 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-5528

Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815.

Published: October 10, 2013; 11:54:53 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2013-3472

Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications, aka Bug ID CSCui58210.

Published: August 29, 2013; 8:07:54 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-3462

Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Bug ID CSCud54358.

Published: August 24, 2013; 11:27:32 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 8.5 HIGH
CVE-2013-3461

Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869.

Published: August 24, 2013; 11:27:32 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2013-3460

Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka Bug ID CSCub85597.

Published: August 24, 2013; 11:27:32 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 7.8 HIGH