Vulnerabilites related to cisco - unity_express_software
Vulnerability from fkie_nvd
Published
2013-02-06 12:05
Modified
2024-11-21 01:48
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910.
References
psirt@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1120Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1120Vendor Advisory
Impacted products
Vendor Product Version
cisco unity_express_software *
cisco unity_express_software 1.1.1
cisco unity_express_software 1.1.2
cisco unity_express_software 2.0
cisco unity_express_software 2.1
cisco unity_express_software 2.2
cisco unity_express_software 2.3
cisco unity_express_software 3.0
cisco unity_express_software 3.1
cisco unity_express_software 3.2
cisco unity_express_software 7.0
cisco unity_express_software 7.1
cisco unity_express_software 7.2
cisco unity_express_software 7.3
cisco unity_express *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83721592-B28F-4CB5-9E0B-A9E96573DC38",
              "versionEndIncluding": "7.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05328FC0-D20B-44AD-A72B-19D125553067",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A700B4B-49E6-4F98-8094-ED6FB7841A21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CC3A8B0-179F-4B87-857A-D13701939249",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17ECC993-69F5-43A6-AE9C-7ED2C33F56B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F42A5CA-B20F-45B2-A5B2-3FFDEFE7CBD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7594535-B2F5-44A1-B643-B34AE4570607",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F6DA8D8-803A-4F76-83A0-D10D24192306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3938819-EB36-4404-99D3-851061479D51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4C327C5-F673-4630-84AE-E0D583E235C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D82C2B8A-7CD6-4F4D-BF1C-A0D48B069D48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23AC34EA-3AB3-4BBD-9AF1-F00925957F83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C9B3369-DA45-4619-B965-0FC87725239B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBFE2A66-F021-403F-9DA7-D5FB2F24D406",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unity_express:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7583D706-3702-4571-BD2C-527E5337F6E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Cisco Unity Express con software anterior a v8.0 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios mediante vectores desconocidos. Bug ID CSCue35910."
    }
  ],
  "id": "CVE-2013-1120",
  "lastModified": "2024-11-21T01:48:56.690",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-02-06T12:05:43.833",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1120"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1120"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-05-04 12:38
Modified
2024-11-21 00:10
Severity ?
Summary
Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password.
References
cve@mitre.orghttp://secunia.com/advisories/19881Patch, Vendor Advisory
cve@mitre.orghttp://securitytracker.com/id?1016015
cve@mitre.orghttp://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtmlVendor Advisory
cve@mitre.orghttp://www.osvdb.org/25165
cve@mitre.orghttp://www.securityfocus.com/bid/17775
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/1613
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/26165
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19881Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1016015
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/25165
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/17775
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/1613
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/26165
Impacted products
Vendor Product Version
cisco unity_express_software 1.1.1
cisco unity_express_software 2.1.1
cisco unity_express_software 2.2.2
cisco unity_express *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05328FC0-D20B-44AD-A72B-19D125553067",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31397846-474A-46B3-8210-ADC20B93E4A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68CE1AB1-1745-4C19-B3AC-72A033D69F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:unity_express:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7583D706-3702-4571-BD2C-527E5337F6E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password."
    }
  ],
  "id": "CVE-2006-2166",
  "lastModified": "2024-11-21T00:10:42.420",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-05-04T12:38:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19881"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016015"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/25165"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/17775"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/1613"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26165"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19881"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/25165"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/17775"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1613"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26165"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-02-13 23:55
Modified
2024-11-21 01:48
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527.
References
psirt@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1114Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1114Vendor Advisory
Impacted products
Vendor Product Version
cisco unity_express_software *
cisco unity_express_software 1.1.1
cisco unity_express_software 1.1.2
cisco unity_express_software 2.0
cisco unity_express_software 2.1
cisco unity_express_software 2.1.1
cisco unity_express_software 2.1.2
cisco unity_express_software 2.2
cisco unity_express_software 2.2.2
cisco unity_express_software 2.3
cisco unity_express_software 3.0
cisco unity_express_software 3.1
cisco unity_express_software 3.2
cisco unity_express_software 7.0
cisco unity_express_software 7.1
cisco unity_express_software 7.2
cisco unity_express_software 7.3


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83721592-B28F-4CB5-9E0B-A9E96573DC38",
              "versionEndIncluding": "7.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05328FC0-D20B-44AD-A72B-19D125553067",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A700B4B-49E6-4F98-8094-ED6FB7841A21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CC3A8B0-179F-4B87-857A-D13701939249",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17ECC993-69F5-43A6-AE9C-7ED2C33F56B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31397846-474A-46B3-8210-ADC20B93E4A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3A87C6F-5309-4F22-8773-36040CCCFC0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F42A5CA-B20F-45B2-A5B2-3FFDEFE7CBD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68CE1AB1-1745-4C19-B3AC-72A033D69F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7594535-B2F5-44A1-B643-B34AE4570607",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F6DA8D8-803A-4F76-83A0-D10D24192306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3938819-EB36-4404-99D3-851061479D51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4C327C5-F673-4630-84AE-E0D583E235C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D82C2B8A-7CD6-4F4D-BF1C-A0D48B069D48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23AC34EA-3AB3-4BBD-9AF1-F00925957F83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C9B3369-DA45-4619-B965-0FC87725239B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBFE2A66-F021-403F-9DA7-D5FB2F24D406",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527."
    },
    {
      "lang": "es",
      "value": "Multiple cross-site scripting (XSS) en Cisco Unity Express antes v8.0 que permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCud87527."
    }
  ],
  "id": "CVE-2013-1114",
  "lastModified": "2024-11-21T01:48:56.010",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-02-13T23:55:01.227",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1114"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1114"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2013-1120
Vulnerability from cvelistv5
Published
2013-02-06 11:00
Modified
2024-09-17 01:31
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910.
References
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1120vendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:49:20.864Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130201 Cisco Unity Express Cross Site Request Forgery Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1120"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-02-06T11:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130201 Cisco Unity Express Cross Site Request Forgery Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1120"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-1120",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130201 Cisco Unity Express Cross Site Request Forgery Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1120"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-1120",
    "datePublished": "2013-02-06T11:00:00Z",
    "dateReserved": "2013-01-11T00:00:00Z",
    "dateUpdated": "2024-09-17T01:31:12.169Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-2166
Vulnerability from cvelistv5
Published
2006-05-04 10:00
Modified
2024-08-07 17:43
Severity ?
Summary
Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password.
References
http://secunia.com/advisories/19881third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/1613vdb-entry, x_refsource_VUPEN
http://www.osvdb.org/25165vdb-entry, x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/26165vdb-entry, x_refsource_XF
http://securitytracker.com/id?1016015vdb-entry, x_refsource_SECTRACK
http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtmlvendor-advisory, x_refsource_CISCO
http://www.securityfocus.com/bid/17775vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:43:27.773Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "19881",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19881"
          },
          {
            "name": "ADV-2006-1613",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1613"
          },
          {
            "name": "25165",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/25165"
          },
          {
            "name": "cisco-cue-privilege-escalation(26165)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26165"
          },
          {
            "name": "1016015",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016015"
          },
          {
            "name": "20060501 Cisco Unity Express Expired Password Reset Privilege Escalation",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml"
          },
          {
            "name": "17775",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17775"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-05-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "19881",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19881"
        },
        {
          "name": "ADV-2006-1613",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1613"
        },
        {
          "name": "25165",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/25165"
        },
        {
          "name": "cisco-cue-privilege-escalation(26165)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26165"
        },
        {
          "name": "1016015",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016015"
        },
        {
          "name": "20060501 Cisco Unity Express Expired Password Reset Privilege Escalation",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml"
        },
        {
          "name": "17775",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17775"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2166",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "19881",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19881"
            },
            {
              "name": "ADV-2006-1613",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1613"
            },
            {
              "name": "25165",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/25165"
            },
            {
              "name": "cisco-cue-privilege-escalation(26165)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26165"
            },
            {
              "name": "1016015",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016015"
            },
            {
              "name": "20060501 Cisco Unity Express Expired Password Reset Privilege Escalation",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml"
            },
            {
              "name": "17775",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17775"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2166",
    "datePublished": "2006-05-04T10:00:00",
    "dateReserved": "2006-05-03T00:00:00",
    "dateUpdated": "2024-08-07T17:43:27.773Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-1114
Vulnerability from cvelistv5
Published
2013-02-13 23:00
Modified
2024-09-16 20:12
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527.
References
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1114vendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:49:20.696Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130201 Cisco Unity Express Cross Site Scripting Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1114"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-02-13T23:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130201 Cisco Unity Express Cross Site Scripting Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1114"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-1114",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130201 Cisco Unity Express Cross Site Scripting Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1114"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-1114",
    "datePublished": "2013-02-13T23:00:00Z",
    "dateReserved": "2013-01-11T00:00:00Z",
    "dateUpdated": "2024-09-16T20:12:08.805Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}