Hosted Collaboration Mediation Fulfillment
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6371 | Hig | 0.49 | 7.5 | 0.05 | Sep 12, 2016 | Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717. | ||
| CVE-2020-3124 | Med | 0.42 | 6.5 | 0.01 | Sep 23, 2020 | A vulnerability in the web-based interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF… | ||
| CVE-2018-15401 | Med | 0.42 | 6.5 | 0.01 | Oct 5, 2018 | A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability… | ||
| CVE-2016-6454 | Med | 0.42 | 6.5 | 0.01 | Nov 3, 2016 | A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute unwanted actions. More Information: CSCva54241. Known Affected Releases: 11.5(1).… | ||
| CVE-2020-3256 | Med | 0.32 | 4.9 | 0.01 | May 6, 2020 | A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. To exploit this vulnerability, an… | ||
| CVE-2016-6370 | Med | 0.28 | 4.3 | 0.02 | Sep 12, 2016 | Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote authenticated users to read arbitrary files via a crafted pathname in an HTTP request, aka Bug ID CSCuz27255. | ||
| CVE-2015-6404 | 0.00 | — | 0.01 | Dec 15, 2015 | Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SOAP API requests, aka Bug ID CSCuw84374. |
- risk 0.49cvss 7.5epss 0.05
Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717.
- risk 0.42cvss 6.5epss 0.01
A vulnerability in the web-based interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF…
- risk 0.42cvss 6.5epss 0.01
A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability…
- risk 0.42cvss 6.5epss 0.01
A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute unwanted actions. More Information: CSCva54241. Known Affected Releases: 11.5(1).…
- risk 0.32cvss 4.9epss 0.01
A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. To exploit this vulnerability, an…
- risk 0.28cvss 4.3epss 0.02
Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote authenticated users to read arbitrary files via a crafted pathname in an HTTP request, aka Bug ID CSCuz27255.
- CVE-2015-6404Dec 15, 2015risk 0.00cvss —epss 0.01
Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SOAP API requests, aka Bug ID CSCuw84374.