VYPR

Unified Communications Manager

by Cisco Systems, Inc.

CVEs (248)

  • CVE-2016-1319MedFeb 9, 2016
    risk 0.35cvss 5.3epss 0.01

    Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext…

  • CVE-2017-3886MedApr 7, 2017
    risk 0.32cvss 4.9epss 0.02

    A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The attacker must be authenticated as an administrative user…

  • CVE-2025-20361MedOct 1, 2025
    risk 0.31cvss 4.8epss 0.00

    A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS)…

  • CVE-2018-0266MedApr 19, 2018
    risk 0.28cvss 4.3epss 0.02

    A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this…

  • CVE-2018-0135MedFeb 8, 2018
    risk 0.28cvss 4.3epss 0.01

    A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software improperly validates user-supplied search input. An attacker could…

  • CVE-2018-0120MedFeb 8, 2018
    risk 0.28cvss 4.3epss 0.01

    A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. The vulnerability exists because the affected software fails to validate user-supplied input…

  • CVE-2017-12302MedNov 16, 2017
    risk 0.28cvss 4.3epss 0.01

    A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The vulnerability is due to a lack of input…

  • CVE-2017-6785MedAug 17, 2017
    risk 0.28cvss 4.3epss 0.02

    A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration. The vulnerability is…

  • CVE-2017-3836MedFeb 22, 2017
    risk 0.28cvss 4.3epss 0.02

    A vulnerability in the web framework Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. More Information: CSCvb61689. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.162) 12.0(0.98000.178)…

  • CVE-2016-1317MedFeb 9, 2016
    risk 0.28cvss 4.3epss 0.01

    Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098.

  • CVE-2026-20045KEVJan 21, 2026
    risk 0.12cvss epss 0.04

    A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex…

  • CVE-2013-5528Oct 11, 2013
    risk 0.05cvss epss 0.23

    Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815.

  • CVE-2011-3315Oct 27, 2011
    risk 0.05cvss epss 0.26

    Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response…

  • CVE-2011-1609May 3, 2011
    risk 0.05cvss epss 0.20

    SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors,…

  • CVE-2008-0027Jan 17, 2008
    risk 0.05cvss epss 0.57

    Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a…

  • CVE-2014-8008Jan 22, 2015
    risk 0.04cvss epss 0.08

    Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414.

  • CVE-2010-3039Nov 9, 2010
    risk 0.04cvss epss 0.09

    /usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs…

  • CVE-2008-0026Feb 14, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.

  • CVE-2007-4634Aug 31, 2007
    risk 0.03cvss epss 0.04

    Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1)…

  • CVE-2011-1610May 3, 2011
    risk 0.02cvss epss 0.25

    Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow…

Page 3 of 13