Cisco Unified Communications Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Cisco Unified Communications Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2008-1154 — CVSS 10.0 (critical): The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager…
CVE-2025-20309 — CVSS 10.0 (critical): A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition…
CVE-2007-5538 — CVSS 10.0 (critical): Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1…
CVE-2011-1643 — CVSS 10.0 (critical): Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco…
CVE-2006-5278 — CVSS 10.0 (critical): Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager…
CVE-2008-0027 — CVSS 10.0 (critical): Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager…
CVE-2024-20253 — CVSS 9.9 (critical): A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote…
CVE-2017-12337 — CVSS 9.8 (critical): A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could…
CVE-2007-4634 — CVSS 9.3 (critical): Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before…
CVE-2006-5277 — CVSS 9.3 (critical): Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM…
CVE-2009-0632 — CVSS 9.0 (critical): The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1…
CVE-2018-0474 — CVSS 8.8 (high): A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker…
CVE-2019-15972 — CVSS 8.8 (high): A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker…
CVE-2020-3135 — CVSS 8.8 (high): A vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote…
CVE-2021-1362 — CVSS 8.8 (high): A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management…
CVE-2017-6757 — CVSS 8.8 (high): A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an…
CVE-2019-1887 — CVSS 8.6 (high): A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager could allow an…
CVE-2023-20259 — CVSS 8.6 (high): A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to…
CVE-2024-20375 — CVSS 8.6 (high): A vulnerability in the SIP call processing function of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications…
CVE-2014-3338 — CVSS 8.5 (high): The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate…
CVE-2023-20211 — CVSS 8.1 (high): A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications…
CVE-2023-20010 — CVSS 8.1 (high): A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications…
CVE-2011-0941 — CVSS 7.8 (high): Memory leak in Cisco Unified Communications Manager (CUCM) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5…
CVE-2011-2072 — CVSS 7.8 (high): Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and…
CVE-2011-2560 — CVSS 7.8 (high): The Packet Capture Service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x does not properly handle idle TCP…
CVE-2011-2563 — CVSS 7.8 (high): Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly…
CVE-2011-2564 — CVSS 7.8 (high): Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly…
CVE-2011-3315 — CVSS 7.8 (high): Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and…
CVE-2011-4486 — CVSS 7.8 (high): Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before…
CVE-2012-3949 — CVSS 7.8 (high): The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before…
CVE-2013-1133 — CVSS 7.8 (high): Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 BE3k before 8.6(4) BE3k, and 9.x before 9.0(1) allows remote…
CVE-2013-3460 — CVSS 7.8 (high): Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1)…
CVE-2013-3459 — CVSS 7.8 (high): Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers…
CVE-2013-3453 — CVSS 7.8 (high): Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified…
CVE-2007-3775 — CVSS 7.8 (high): Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows…
CVE-2015-0751 — CVSS 7.8 (high): Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of…
CVE-2008-1742 — CVSS 7.8 (high): Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows…
CVE-2008-1743 — CVSS 7.8 (high): Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x…
CVE-2008-1744 — CVSS 7.8 (high): The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before…
CVE-2008-1745 — CVSS 7.8 (high): Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service…
CVE-2008-1746 — CVSS 7.8 (high): The SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2)…
CVE-2008-1747 — CVSS 7.8 (high): Unspecified vulnerability in Cisco Unified Communications Manager 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before…
CVE-2008-1748 — CVSS 7.8 (high): Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before…
CVE-2008-2061 — CVSS 7.8 (high): The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before…
CVE-2009-2050 — CVSS 7.8 (high): Cisco Unified Communications Manager (aka CUCM, formerly CallManager) before 6.1(1) allows remote attackers to cause a denial of service…
CVE-2009-2051 — CVSS 7.8 (high): Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka…
CVE-2009-2052 — CVSS 7.8 (high): Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2), and…
CVE-2009-2053 — CVSS 7.8 (high): Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1…
CVE-2009-2054 — CVSS 7.8 (high): Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1…
CVE-2009-2864 — CVSS 7.8 (high): Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and…
CVE-2010-0587 — CVSS 7.8 (high): Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and…
CVE-2010-0588 — CVSS 7.8 (high): Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1)…
CVE-2010-0590 — CVSS 7.8 (high): The CMSIPUtility component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(3a)su1 and 8.x before…
CVE-2010-0591 — CVSS 7.8 (high): Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1)…
CVE-2010-0592 — CVSS 7.8 (high): The CTI Manager service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)sr1a, 6.x before 6.1(3)…
CVE-2010-2834 — CVSS 7.8 (high): Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka…
CVE-2010-2835 — CVSS 7.8 (high): Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka…
CVE-2010-2837 — CVSS 7.8 (high): The SIPStationInit implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU…
CVE-2010-2838 — CVSS 7.8 (high): The SendCombinedStatusInfo implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.0SU before 7.0(2a)SU3…
CVE-2017-6791 — CVSS 7.5 (high): A vulnerability in the Trust Verification Service (TVS) of Cisco Unified Communications Manager could allow an unauthenticated, remote…
CVE-2013-3404 — CVSS 7.5 (high): SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute…
CVE-2014-0726 — CVSS 7.5 (high): SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier…
CVE-2014-0727 — CVSS 7.5 (high): SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM)…
CVE-2014-0728 — CVSS 7.5 (high): SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote…
CVE-2014-0729 — CVSS 7.5 (high): SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows…
CVE-2020-3177 — CVSS 7.5 (high): A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified…
CVE-2014-0734 — CVSS 7.5 (high): SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager…
CVE-2015-6360 — CVSS 7.5 (high): The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in…
CVE-2017-6779 — CVSS 7.5 (high): Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration…
CVE-2017-3808 — CVSS 7.5 (high): A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM)…
CVE-2016-9210 — CVSS 7.5 (high): A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an…
CVE-2016-6364 — CVSS 7.5 (high): The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended…
CVE-2013-7030 — CVSS 7.3 (high): The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information…
CVE-2008-3800 — CVSS 7.1 (high): Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications…
CVE-2013-1134 — CVSS 7.1 (high): The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1)…
CVE-2011-1604 — CVSS 7.1 (high): Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0…
CVE-2013-3461 — CVSS 7.1 (high): Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the…
CVE-2008-3801 — CVSS 7.1 (high): Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications…
CVE-2011-2561 — CVSS 7.1 (high): The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does…
CVE-2013-6689 — CVSS 6.9 (medium): Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or…
CVE-2015-0717 — CVSS 6.9 (medium): Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified…
CVE-2014-8008 — CVSS 6.8 (medium): Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows…
CVE-2013-3433 — CVSS 6.8 (medium): Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain…
CVE-2013-3434 — CVSS 6.8 (medium): Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain…
CVE-2013-3403 — CVSS 6.8 (medium): Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to…
CVE-2013-3450 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows…
CVE-2014-0736 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified…
CVE-2014-0740 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration…
CVE-2023-20116 — CVSS 6.8 (medium): A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified…
CVE-2013-3397 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM)…
CVE-2014-0747 — CVSS 6.8 (medium): The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier…
CVE-2007-4294 — CVSS 6.8 (medium): Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote…
CVE-2013-3472 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows…
CVE-2011-4487 — CVSS 6.8 (medium): SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before…
CVE-2014-3319 — CVSS 6.8 (medium): Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows…
CVE-2019-12711 — CVSS 6.5 (medium): A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session…
CVE-2022-20859 — CVSS 6.5 (medium): A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications…
CVE-2022-20816 — CVSS 6.5 (medium): A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications…
CVE-2022-20791 — CVSS 6.5 (medium): A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager…
CVE-2022-20790 — CVSS 6.5 (medium): A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications…
CVE-2021-34773 — CVSS 6.5 (medium): A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications…
CVE-2021-1364 — CVSS 6.5 (medium): Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to…
CVE-2021-1357 — CVSS 6.5 (medium): Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to…
CVE-2021-1355 — CVSS 6.5 (medium): Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to…
CVE-2017-3877 — CVSS 6.5 (medium): A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker…
CVE-2008-0026 — CVSS 6.5 (medium): SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a)…
CVE-2021-1282 — CVSS 6.5 (medium): Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to…
CVE-2015-6433 — CVSS 6.5 (medium): SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute…
CVE-2019-1915 — CVSS 6.5 (medium): A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management…
CVE-2019-15963 — CVSS 6.5 (medium): A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker…
CVE-2019-15272 — CVSS 6.5 (medium): A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session…
CVE-2018-0267 — CVSS 6.5 (medium): A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive…
CVE-2016-6440 — CVSS 6.5 (medium): The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which…
CVE-2017-6758 — CVSS 6.5 (medium): A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker…
CVE-2014-3366 — CVSS 6.5 (medium): SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users…
CVE-2013-3402 — CVSS 6.5 (medium): An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute…
CVE-2011-1610 — CVSS 6.4 (medium): Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications…
CVE-2013-6688 — CVSS 6.3 (medium): Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified…
CVE-2014-0742 — CVSS 6.2 (medium): The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager…
CVE-2014-0741 — CVSS 6.2 (medium): The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications…
CVE-2019-12707 — CVSS 6.1 (medium): A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote…
CVE-2016-6472 — CVSS 6.1 (medium): A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an…
CVE-2016-9206 — CVSS 6.1 (medium): A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to…
CVE-2017-12258 — CVSS 6.1 (medium): A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a…
CVE-2017-3798 — CVSS 6.1 (medium): A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager…
CVE-2017-3802 — CVSS 6.1 (medium): A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting…
CVE-2017-3821 — CVSS 6.1 (medium): A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to…
CVE-2017-3828 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated…
CVE-2017-3829 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated…
CVE-2017-3833 — CVSS 6.1 (medium): A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a…
CVE-2017-3872 — CVSS 6.1 (medium): A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager…
CVE-2017-6654 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco Unified Communications Manager 10.5 through 11.5 could allow an…
CVE-2018-0118 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote…
CVE-2018-0206 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote…
CVE-2018-0328 — CVSS 6.1 (medium): A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated…
CVE-2018-0355 — CVSS 6.1 (medium): A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to…
CVE-2018-0411 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote…
CVE-2019-12715 — CVSS 6.1 (medium): A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session…
CVE-2019-12716 — CVSS 6.1 (medium): A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session…
CVE-2020-3282 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session…
CVE-2020-3346 — CVSS 6.1 (medium): A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session…
CVE-2021-1380 — CVSS 6.1 (medium): Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified…
CVE-2021-1407 — CVSS 6.1 (medium): Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified…
CVE-2021-1408 — CVSS 6.1 (medium): Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified…
CVE-2021-1409 — CVSS 6.1 (medium): Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified…
CVE-2022-20788 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session…
CVE-2022-20800 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications…
CVE-2022-20815 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session…
CVE-2024-20488 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications…
CVE-2024-20511 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications…
CVE-2025-20278 — CVSS 6.0 (medium): A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute…
CVE-2014-0686 — CVSS 6.0 (medium): Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging…
CVE-2022-20787 — CVSS 5.7 (medium): A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM…
CVE-2014-3292 — CVSS 5.5 (medium): The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users…
CVE-2014-3317 — CVSS 5.5 (medium): Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications…
CVE-2017-3874 — CVSS 5.4 (medium): A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an authenticated, remote attacker to…
CVE-2017-12357 — CVSS 5.4 (medium): A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker…
CVE-2018-0340 — CVSS 5.4 (medium): A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote…
CVE-2017-3888 — CVSS 5.4 (medium): A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker…
CVE-2020-3420 — CVSS 5.4 (medium): A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications…
CVE-2018-15403 — CVSS 5.4 (medium): A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications…
CVE-2011-4019 — CVSS 5.4 (medium): Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause…
CVE-2018-0198 — CVSS 5.3 (medium): A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view…
CVE-2018-0105 — CVSS 5.3 (medium): A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view…
CVE-2022-20804 — CVSS 5.3 (medium): A vulnerability in the Cisco Discovery Protocol of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications…
CVE-2019-1837 — CVSS 5.3 (medium): A vulnerability in the User Data Services (UDS) API of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated…
CVE-2021-1478 — CVSS 5.3 (medium): A vulnerability in the Java Management Extensions (JMX) component of Cisco Unified Communications Manager (Unified CM) and Cisco Unified…
CVE-2014-0732 — CVSS 5.0 (medium): The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not…
CVE-2013-1188 — CVSS 5.0 (medium): Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to…
CVE-2014-2184 — CVSS 5.0 (medium): The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive…
CVE-2014-0743 — CVSS 5.0 (medium): The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows…
CVE-2014-0733 — CVSS 5.0 (medium): The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly…
CVE-2012-0376 — CVSS 5.0 (medium): The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core…
CVE-2014-0731 — CVSS 5.0 (medium): The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass…
CVE-2014-0725 — CVSS 5.0 (medium): Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain…
CVE-2014-0722 — CVSS 5.0 (medium): The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote…
CVE-2008-2730 — CVSS 5.0 (medium): The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x…
CVE-2007-3776 — CVSS 5.0 (medium): Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain…
CVE-2015-6425 — CVSS 5.0 (medium): The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause…
CVE-2008-2062 — CVSS 5.0 (medium): The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3…
CVE-2021-1406 — CVSS 4.9 (medium): A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition…
CVE-2022-20789 — CVSS 4.9 (medium): A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications…
CVE-2019-12710 — CVSS 4.9 (medium): A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session…
CVE-2017-3886 — CVSS 4.9 (medium): A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the…
CVE-2023-20242 — CVSS 4.8 (medium): A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session…