Skip to main content

Unified Communications Domain Manager

41 CVEs product

Monthly

CVE-2019-15968 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager (Unified CDM) could allow an authenticated, remote attacker to conduct a cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Hosted Collaboration Solution Unified Communications Domain Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2018-0386 MEDIUM This Month

A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Hosted Collaboration Solution Unified Communications Domain Manager
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-0364 HIGH This Week

A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Unified Communications Domain Manager
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-0124 CRITICAL Act Now

A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Cisco Unified Communications Domain Manager
NVD
CVSS 3.0
9.8
EPSS
5.2%
CVE-2017-12302 MEDIUM This Month

A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Domain Manager
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-6670 MEDIUM This Month

A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Cisco Unified Communications Domain Manager
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6668 MEDIUM This Month

Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Domain Manager
NVD
CVSS 3.0
4.9
EPSS
0.2%
CVE-2016-1354 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Communications Domain Manager
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-6422 MEDIUM This Month

The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Unified Communications Domain Manager
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2015-6352 MEDIUM This Month

Cisco Unified Communications Domain Manager before 10.6(1) provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Information Disclosure Hosted Collaboration Solution Unified Communications Domain Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-4196 MEDIUM This Month

Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Unified Communications Domain Manager
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-4229 MEDIUM This Month

The web framework in Cisco Unified Communications Domain Manager 8.1(4)ER1 allows remote attackers to obtain sensitive information by visiting a bvsmweb URL, aka Bug ID CSCuq22589. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Communications Domain Manager
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-0699 MEDIUM This Month

SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Domain Manager
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-0684 MEDIUM This Month

SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Domain Manager
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2015-0683 MEDIUM This Month

Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Communications Domain Manager
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-0682 MEDIUM This Month

Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation RCE Unified Communications Domain Manager
NVD
CVSS 2.0
6.5
EPSS
1.2%
CVE-2015-0591 MEDIUM This Month

Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to cause a denial of service (daemon hang and GUI outage) via a flood of malformed TCP packets, aka Bug ID CSCur44177. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Unified Communications Domain Manager
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2015-0588 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Unified Communications Domain Manager
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-8020 MEDIUM This Month

Cisco Unified Communication Domain Manager Platform Software allows remote attackers to cause a denial of service (CPU consumption, and performance degradation or service outage) via a flood of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Unified Communications Domain Manager
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-8018 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Unified Communications Domain Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-8010 MEDIUM This Month

The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via crafted values, aka Bug ID CSCuq50205. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Communications Domain Manager
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2014-3339 MEDIUM This Month

Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Domain Manager Unified Presence Server
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-3337 MEDIUM This Month

The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Unified Communications Domain Manager
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-3320 MEDIUM This Month

Multiple open redirect vulnerabilities in the admin web interface in the web framework in Cisco Unified Communications Domain Manager (CDM) 8.1(.4) and earlier allow remote attackers to redirect. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Open Redirect Unified Communications Domain Manager
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2014-3300 HIGH POC THREAT Act Now

The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 45.6%.

Cisco Privilege Escalation Unified Cdm Application Software Unified Communications Domain Manager
NVD
CVSS 2.0
7.5
EPSS
45.6%
Threat
4.4
CVE-2014-2198 CRITICAL Act Now

Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Unified Cdm Platform Software Unified Communications Domain Manager
NVD
CVSS 2.0
10.0
EPSS
2.2%
CVE-2014-2197 CRITICAL Act Now

The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Unified Cdm Application Software Unified Communications Domain Manager
NVD
CVSS 2.0
9.0
EPSS
0.7%
CVE-2014-3281 MEDIUM This Month

The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to obtain potentially sensitive user. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Unified Communications Domain Manager
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-3278 MEDIUM This Month

The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to enumerate accounts by visiting an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Unified Communications Domain Manager
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-3280 MEDIUM This Month

The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Unified Communications Domain Manager
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-3283 MEDIUM This Month

Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Open Redirect Unified Communications Domain Manager
NVD
CVSS 2.0
5.8
EPSS
0.6%
CVE-2014-3282 MEDIUM This Month

The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Unified Communications Domain Manager
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-3279 MEDIUM This Month

The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Unified Communications Domain Manager
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-3277 MEDIUM This Month

The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Unified Communications Domain Manager
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-2104 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Unified Communications Domain Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5517 MEDIUM This Month

SQL injection vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Unified Communications Domain Manager
NVD
CVSS 2.0
5.5
EPSS
0.4%
CVE-2013-3418 MEDIUM This Month

Cisco Unified Communications Domain Manager does not properly allocate memory for GET and POST requests, which allows remote authenticated users to cause a denial of service (memory consumption and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Unified Communications Domain Manager
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-1132 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Communications Domain Manager allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Unified Communications Domain Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-1230 MEDIUM This Month

Cisco Unified Communications Domain Manager allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed UDP packets, aka Bug ID CSCug47057. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Unified Communications Domain Manager
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-1227 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via unspecified vectors,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Unified Communications Domain Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-1113 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via a crafted parameter value, aka Bug ID. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Unified Communications Domain Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
EPSS 1% CVSS 5.4
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager (Unified CDM) could allow an authenticated, remote attacker to conduct a cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Hosted Collaboration Solution +1
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Hosted Collaboration Solution +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Unified Communications Domain Manager
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Cisco Unified Communications Domain Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Domain Manager
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Cisco Unified Communications Domain Manager
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Domain Manager
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Communications Domain Manager
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Unified Communications Domain Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cisco Unified Communications Domain Manager before 10.6(1) provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Information Disclosure Hosted Collaboration Solution +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Unified Communications Domain Manager
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The web framework in Cisco Unified Communications Domain Manager 8.1(4)ER1 allows remote attackers to obtain sensitive information by visiting a bvsmweb URL, aka Bug ID CSCuq22589. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Communications Domain Manager
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Domain Manager
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Domain Manager
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Communications Domain Manager
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation RCE +1
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to cause a denial of service (daemon hang and GUI outage) via a flood of malformed TCP packets, aka Bug ID CSCur44177. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Unified Communications Domain Manager
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Unified Communications Domain Manager
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Cisco Unified Communication Domain Manager Platform Software allows remote attackers to cause a denial of service (CPU consumption, and performance degradation or service outage) via a flood of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Unified Communications Domain Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Unified Communications Domain Manager
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via crafted values, aka Bug ID CSCuq50205. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Communications Domain Manager
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Domain Manager +1
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Unified Communications Domain Manager
NVD
EPSS 1% CVSS 5.8
MEDIUM This Month

Multiple open redirect vulnerabilities in the admin web interface in the web framework in Cisco Unified Communications Domain Manager (CDM) 8.1(.4) and earlier allow remote attackers to redirect. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Open Redirect Unified Communications Domain Manager
NVD
EPSS 46% 4.4 CVSS 7.5
HIGH POC THREAT Act Now

The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 45.6%.

Cisco Privilege Escalation Unified Cdm Application Software +1
NVD
EPSS 2% CVSS 10.0
CRITICAL Act Now

Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Unified Cdm Platform Software +1
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Unified Cdm Application Software +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to obtain potentially sensitive user. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Unified Communications Domain Manager
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to enumerate accounts by visiting an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Unified Communications Domain Manager
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Unified Communications Domain Manager
NVD
EPSS 1% CVSS 5.8
MEDIUM This Month

Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Open Redirect Unified Communications Domain Manager
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Unified Communications Domain Manager
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Unified Communications Domain Manager
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Unified Communications Domain Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Unified Communications Domain Manager
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

SQL injection vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Unified Communications Domain Manager
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cisco Unified Communications Domain Manager does not properly allocate memory for GET and POST requests, which allows remote authenticated users to cause a denial of service (memory consumption and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Unified Communications Domain Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Communications Domain Manager allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Unified Communications Domain Manager
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Cisco Unified Communications Domain Manager allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed UDP packets, aka Bug ID CSCug47057. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via unspecified vectors,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Unified Communications Domain Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via a crafted parameter value, aka Bug ID. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Unified Communications Domain Manager
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy