Vulnerabilities (CVE)

Vendor filter

Cisco Subscribe

Product filter

Unity Connection Subscribe

Filter

40 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-12707 1 Cisco 3 Unified Communications Manager, Unified Communications Manager Im And Presence Service, Unity Connection 2019-10-11 4.3
A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected...
CVE-2019-1915 1 Cisco 3 Unified Communications Manager, Unified Communications Manager Im And Presence Service, Unity Connection 2019-10-09 4.3
A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and...
CVE-2019-1685 1 Cisco 1 Unity Connection 2019-10-09 4.3
A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the...
CVE-2018-15426 1 Cisco 1 Unity Connection 2019-10-09 3.5
A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The...
CVE-2018-15403 1 Cisco 4 Emergency Responder, Unified Communications Manager, Unified Communications Manager Im And Presence Service and 1 more 2019-10-09 4.9
A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to...
CVE-2018-15396 1 Cisco 1 Unity Connection 2019-10-09 4.0
A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the...
CVE-2018-0354 1 Cisco 1 Unity Connection 2019-10-09 4.3
A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to...
CVE-2018-0203 1 Cisco 1 Unity Connection 2019-10-09 5.0
A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email messages, aka a Mail Relay Vulnerability. The vulnerability is due to improper handling of domain information in...
CVE-2017-6779 1 Cisco 13 Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment and 10 more 2019-10-09 7.8
Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a...
CVE-2017-12337 1 Cisco 11 Emergency Responder, Finesse, Hosted Collaboration Solution and 8 more 2019-10-09 10.0
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The...
CVE-2017-12212 1 Cisco 1 Unity Connection 2019-10-09 4.3
A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability...
CVE-2015-6360 1 Cisco 14 Webex Meeting Center, Unified Communications Manager, Adaptive Security Appliance Software and 11 more 2017-11-04 7.8
The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.
CVE-2015-6390 1 Cisco 1 Unity Connection 2017-09-14 4.3
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unity Connection 9.1(1.10) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCup92741.
CVE-2014-7988 1 Cisco 1 Unity Connection 2017-09-08 4.0
The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and earlier allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCur06493.
CVE-2014-3336 1 Cisco 1 Unity Connection 2017-08-29 6.5
SQL injection vulnerability in the web framework in Cisco Unity Connection 9.1(2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted request, aka Bug ID CSCuq31016.
CVE-2014-3333 1 Cisco 1 Unity Connection 2017-08-29 9.0
The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an "HTTP Intercept" attack and leveraging the ability to read files within the context of the web-server user...
CVE-2014-0664 1 Cisco 1 Unity Connection 2017-08-29 6.8
The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service (CPU consumption) via unspecified IMAP commands, aka Bug ID CSCul49976.
CVE-2012-3096 1 Cisco 1 Unity Connection 2017-08-29 4.0
Cisco Unity Connection (UC) 7.1, 8.0, and 8.5 allows remote authenticated users to cause a denial of service (resource consumption and administration outage) via extended use of the product, aka Bug ID CSCtd79132.
CVE-2012-3060 1 Cisco 1 Unity Connection 2017-08-29 7.8
Cisco Unity Connection (UC) 8.6, 9.0, and 9.5 allows remote attackers to cause a denial of service (CPU consumption) via malformed UDP packets, aka Bug ID CSCtz76269.
CVE-2017-6629 1 Cisco 1 Unity Connection 2017-07-11 5.0
A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization...