VYPR

Unity Connection

by Cisco Systems, Inc.

CVEs (69)

  • CVE-2019-15963Sep 23, 2020
    risk 0.00cvss epss 0.01

    A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient…

  • CVE-2020-3130Sep 23, 2020
    risk 0.00cvss epss 0.02

    A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by…

  • CVE-2020-3282Jul 2, 2020
    risk 0.00cvss epss 0.01

    A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an…

  • CVE-2020-3129Jan 26, 2020
    risk 0.00cvss epss 0.01

    A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web-based management…

  • CVE-2019-1915Oct 2, 2019
    risk 0.00cvss epss 0.01

    A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow…

  • CVE-2019-12707Oct 2, 2019
    risk 0.00cvss epss 0.01

    A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is…

  • CVE-2019-1685Feb 21, 2019
    risk 0.00cvss epss 0.01

    A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The…

  • CVE-2015-6408Dec 12, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578.

  • CVE-2015-6390Dec 3, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unity Connection 9.1(1.10) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCup92741.

  • CVE-2015-6299Sep 20, 2015
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug ID CSCuv63824.

  • CVE-2015-0716May 7, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659.

  • CVE-2015-0715May 7, 2015
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCut33447 and CSCut33608.

  • CVE-2015-0616Apr 3, 2015
    risk 0.00cvss epss 0.02

    The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) by…

  • CVE-2015-0615Apr 3, 2015
    risk 0.00cvss epss 0.02

    The call-handling implementation in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (port consumption) by improperly…

  • CVE-2015-0614Apr 3, 2015
    risk 0.00cvss epss 0.02

    The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core…

  • CVE-2015-0613Apr 3, 2015
    risk 0.00cvss epss 0.02

    The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core…

  • CVE-2015-0612Apr 3, 2015
    risk 0.00cvss epss 0.02

    The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU6, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (SIP outage) via a crafted UDP…

  • CVE-2014-7988Nov 7, 2014
    risk 0.00cvss epss 0.02

    The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and earlier allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCur06493.

  • CVE-2014-3336Aug 11, 2014
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in the web framework in Cisco Unity Connection 9.1(2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted request, aka Bug ID CSCuq31016.

  • CVE-2014-3333Aug 11, 2014
    risk 0.00cvss epss 0.03

    The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an "HTTP Intercept" attack and leveraging the ability to read files within the context of the web-server user account, aka Bug ID CSCup41014.