Cisco Secure Workload could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper role-based access control (RBAC) of certain OpenAPI operations. By issuing a crafted OpenAPI function call with valid credentials, an attacker could exploit this vulnerability to execute OpenAPI operations that are reserved for the Administrator user.
Cisco Unified Communications Manager is vulnerable to a denial of service, caused by insufficient validation of user-supplied input to the web UI of the Self Care Portal. By sending crafted HTTP input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
efer to Cisco Security Advisory for patch, upgrade or suggested workaround information.