Filtered by vendor Cisco
                         Subscriptions
                    
                    
                
                        Filtered by product Unified Communications Domain Manager
                         Subscriptions
                    
                    
                
                    Total
                    41 CVE
                
            | CVE | Vendors | Products | Updated | CVSS v3.1 | 
|---|---|---|---|---|
| CVE-2014-3278 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | N/A | 
| The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to enumerate accounts by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun39619 and CSCun45572. | ||||
| CVE-2014-3320 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | N/A | 
| Multiple open redirect vulnerabilities in the admin web interface in the web framework in Cisco Unified Communications Domain Manager (CDM) 8.1(.4) and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted URLs for unspecified scripts, aka Bug ID CSCuo48835. | ||||
| CVE-2014-3337 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | N/A | 
| The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that is not properly handled during processing of an XML document, aka Bug ID CSCtq76428. | ||||
| CVE-2014-3339 | 1 Cisco | 2 Unified Communications Domain Manager, Unified Presence Server | 2025-04-12 | N/A | 
| Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290. | ||||
| CVE-2014-8020 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | N/A | 
| Cisco Unified Communication Domain Manager Platform Software allows remote attackers to cause a denial of service (CPU consumption, and performance degradation or service outage) via a flood of malformed TCP packets and UDP packets, aka Bug ID CSCup25276. | ||||
| CVE-2015-0591 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | N/A | 
| Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to cause a denial of service (daemon hang and GUI outage) via a flood of malformed TCP packets, aka Bug ID CSCur44177. | ||||
| CVE-2015-0699 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | N/A | 
| SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563. | ||||
| CVE-2015-4196 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | N/A | 
| Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by leveraging knowledge of this password and entering it in an SSH session, aka Bug ID CSCuq45546. | ||||
| CVE-2015-4229 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | N/A | 
| The web framework in Cisco Unified Communications Domain Manager 8.1(4)ER1 allows remote attackers to obtain sensitive information by visiting a bvsmweb URL, aka Bug ID CSCuq22589. | ||||
| CVE-2015-6422 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | N/A | 
| The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed requests, aka Bug ID CSCuu10981. | ||||
| CVE-2014-3277 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | N/A | 
| The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive user and group information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum77005. | ||||
| CVE-2013-1230 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-11 | N/A | 
| Cisco Unified Communications Domain Manager allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed UDP packets, aka Bug ID CSCug47057. | ||||
| CVE-2013-1132 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-11 | N/A | 
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Communications Domain Manager allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) IptAccountMgmt, (2) IptFeatureConfigTemplateMgmt, (3) IptFeatureDisplayPolicyMgmt, or (4) IptProviderMgmt page, aka Bug IDs CSCud69972, CSCud70193, and CSCud70261. | ||||
| CVE-2013-1227 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-11 | N/A | 
| Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCug37902. | ||||
| CVE-2013-3418 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-11 | N/A | 
| Cisco Unified Communications Domain Manager does not properly allocate memory for GET and POST requests, which allows remote authenticated users to cause a denial of service (memory consumption and process crash) via crafted requests to the management interface, aka Bug ID CSCud22922. | ||||
| CVE-2013-5517 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-11 | N/A | 
| SQL injection vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh96567. | ||||
| CVE-2013-1113 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-11 | N/A | 
| Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via a crafted parameter value, aka Bug ID CSCue21042. | ||||
| CVE-2018-0124 | 1 Cisco | 1 Unified Communications Domain Manager | 2024-12-02 | N/A | 
| A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. The vulnerability is due to insecure key generation during application configuration. An attacker could exploit this vulnerability by using a known insecure key value to bypass security protections by sending arbitrary requests using the insecure key to a targeted application. An exploit could allow the attacker to execute arbitrary code. This vulnerability affects Cisco Unified Communications Domain Manager releases prior to 11.5(2). Cisco Bug IDs: CSCuv67964. | ||||
| CVE-2018-0364 | 1 Cisco | 1 Unified Communications Domain Manager | 2024-11-29 | N/A | 
| A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvi44320. | ||||
| CVE-2018-0386 | 1 Cisco | 2 Hosted Collaboration Solution, Unified Communications Domain Manager | 2024-11-26 | N/A | 
| A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system. The vulnerability is due to improper validation of input that is passed to the affected software. An attacker could exploit this vulnerability by persuading a user of the affected software to access a malicious URL. A successful exploit could allow the attacker to access sensitive, browser-based information on the affected system or perform arbitrary actions in the affected software in the security context of the user. Cisco Bug IDs: CSCvh49694. | ||||