Unified Presence Server
CVEs (27)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-3288 | Hig | 0.49 | 7.5 | 0.02 | Oct 6, 2011 | Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity… | ||
| CVE-2018-0328 | Med | 0.40 | 6.1 | 0.02 | May 17, 2018 | A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is… | ||
| CVE-2023-20242 | 0.00 | — | 0.00 | Aug 16, 2023 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an… | |||
| CVE-2015-4220 | 0.00 | — | 0.02 | Jun 25, 2015 | Cross-site scripting (XSS) vulnerability in Cisco Unified Presence Server 9.1(1) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq03773. | |||
| CVE-2014-3339 | 0.00 | — | 0.02 | Aug 12, 2014 | Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID… | |||
| CVE-2014-3328 | 0.00 | — | 0.03 | Jul 26, 2014 | The Intercluster Sync Agent Service in Cisco Unified Presence Server allows remote attackers to cause a denial of service via a TCP SYN flood, aka Bug ID CSCun34125. | |||
| CVE-2013-6983 | 0.00 | — | 0.02 | Dec 31, 2013 | SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615. | |||
| CVE-2013-3453 | 0.00 | — | 0.02 | Aug 22, 2013 | Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or… | |||
| CVE-2013-4869 | 0.00 | — | 0.01 | Jul 18, 2013 | Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent… | |||
| CVE-2013-1242 | 0.00 | — | 0.01 | May 10, 2013 | Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attackers to cause a denial of service (memory consumption) via malformed TCP packets, aka Bug ID CSCug38080. | |||
| CVE-2013-1197 | 0.00 | — | 0.01 | Apr 16, 2013 | The XML parser in the server in Cisco Unified Presence (CUP) allows remote authenticated users to cause a denial of service (jabberd daemon crash) via crafted XML content in an XMPP message, aka Bug ID CSCue13912. | |||
| CVE-2013-1137 | 0.00 | — | 0.02 | Feb 27, 2013 | Cisco Unified Presence Server (CUPS) 8.6, 9.0, and 9.1 before 9.1.1 allows remote attackers to cause a denial of service (CPU consumption) via crafted packets to the SIP TCP port, aka Bug ID CSCua89930. | |||
| CVE-2012-3935 | 0.00 | — | 0.03 | Sep 12, 2012 | Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible Communications Platform (aka Jabber XCP) before 5.3 allow remote attackers to cause a denial of service (process crash) via a crafted XMPP stream header, aka Bug ID CSCtu32832. | |||
| CVE-2011-1643 | 0.00 | — | 0.02 | Aug 29, 2011 | Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface… | |||
| CVE-2010-2840 | 0.00 | — | 0.01 | Aug 26, 2010 | The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a… | |||
| CVE-2010-2839 | 0.00 | — | 0.01 | Aug 26, 2010 | SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) allows remote attackers to cause a denial of service (stack memory corruption and process failure) via a malformed SIP message, aka Bug ID CSCtd14474. | |||
| CVE-2009-2874 | 0.00 | — | 0.04 | Oct 16, 2009 | The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows remote attackers to cause a denial of service (process crash) via a large number of TCP connections to ports 16200 and 22794, aka Bug ID CSCsy17662. | |||
| CVE-2009-2052 | 0.00 | — | 0.04 | Aug 27, 2009 | Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2), and 7.1 before 7.1(2); and Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4); allows remote attackers to cause a denial of… | |||
| CVE-2008-1740 | 0.00 | — | 0.02 | May 16, 2008 | The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via an unspecified "stress test," aka Bug ID CSCsh20972. | |||
| CVE-2008-1158 | 0.00 | — | 0.02 | May 16, 2008 | The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164. |
- risk 0.49cvss 7.5epss 0.02
Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity…
- risk 0.40cvss 6.1epss 0.02
A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is…
- CVE-2023-20242Aug 16, 2023risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an…
- CVE-2015-4220Jun 25, 2015risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Cisco Unified Presence Server 9.1(1) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq03773.
- CVE-2014-3339Aug 12, 2014risk 0.00cvss —epss 0.02
Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID…
- CVE-2014-3328Jul 26, 2014risk 0.00cvss —epss 0.03
The Intercluster Sync Agent Service in Cisco Unified Presence Server allows remote attackers to cause a denial of service via a TCP SYN flood, aka Bug ID CSCun34125.
- CVE-2013-6983Dec 31, 2013risk 0.00cvss —epss 0.02
SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615.
- CVE-2013-3453Aug 22, 2013risk 0.00cvss —epss 0.02
Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or…
- CVE-2013-4869Jul 18, 2013risk 0.00cvss —epss 0.01
Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent…
- CVE-2013-1242May 10, 2013risk 0.00cvss —epss 0.01
Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attackers to cause a denial of service (memory consumption) via malformed TCP packets, aka Bug ID CSCug38080.
- CVE-2013-1197Apr 16, 2013risk 0.00cvss —epss 0.01
The XML parser in the server in Cisco Unified Presence (CUP) allows remote authenticated users to cause a denial of service (jabberd daemon crash) via crafted XML content in an XMPP message, aka Bug ID CSCue13912.
- CVE-2013-1137Feb 27, 2013risk 0.00cvss —epss 0.02
Cisco Unified Presence Server (CUPS) 8.6, 9.0, and 9.1 before 9.1.1 allows remote attackers to cause a denial of service (CPU consumption) via crafted packets to the SIP TCP port, aka Bug ID CSCua89930.
- CVE-2012-3935Sep 12, 2012risk 0.00cvss —epss 0.03
Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible Communications Platform (aka Jabber XCP) before 5.3 allow remote attackers to cause a denial of service (process crash) via a crafted XMPP stream header, aka Bug ID CSCtu32832.
- CVE-2011-1643Aug 29, 2011risk 0.00cvss —epss 0.02
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface…
- CVE-2010-2840Aug 26, 2010risk 0.00cvss —epss 0.01
The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a…
- CVE-2010-2839Aug 26, 2010risk 0.00cvss —epss 0.01
SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) allows remote attackers to cause a denial of service (stack memory corruption and process failure) via a malformed SIP message, aka Bug ID CSCtd14474.
- CVE-2009-2874Oct 16, 2009risk 0.00cvss —epss 0.04
The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows remote attackers to cause a denial of service (process crash) via a large number of TCP connections to ports 16200 and 22794, aka Bug ID CSCsy17662.
- CVE-2009-2052Aug 27, 2009risk 0.00cvss —epss 0.04
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2), and 7.1 before 7.1(2); and Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4); allows remote attackers to cause a denial of…
- CVE-2008-1740May 16, 2008risk 0.00cvss —epss 0.02
The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via an unspecified "stress test," aka Bug ID CSCsh20972.
- CVE-2008-1158May 16, 2008risk 0.00cvss —epss 0.02
The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164.
Page 1 of 2