Cisco Unified Communications Manager Im & Presence Service 12.5(1)SU7

CPE Details

Cisco Unified Communications Manager Im & Presence Service 12.5(1)SU7
cisco
unified_communications_manager_im_\&_presence_service
12.5\(1\)su7
2023-10-18
16h58 +00:00
2023-10-18
16h58 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:12.5\(1\)su7:*:*:*:*:*:*:*

Informations

Vendor

cisco

Product

unified_communications_manager_im_\&_presence_service

Version

12.5\(1\)su7

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-20259 2023-10-04 16h13 +00:00 A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device. This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access. When the attack stops, the device will recover without manual intervention.
8.6
Haute
CVE-2021-1409 2021-04-08 04h06 +00:00 Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
6.1
Moyen
CVE-2021-1380 2021-04-08 04h05 +00:00 Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
6.1
Moyen