Unify Product Security Advisories and Security Notes

The Product Security Team of Unify publishes Security Advisories and associated notes as part of Unify's Vulnerability Intelligence Process.

Security Advisories describe security issues in Unify products and how to mitigate or solve them.

Find more information in the associated Security Policy - Vulnerability Intelligence Process.

To receive e-mail notifications for new or updated Unify Product Security Advisories and Security Notes, send an email to obso@unify.com.


List of Security Advisories:

 Advisory ID  Title  Risk Level  Release Date  Last Update
 OBSO-1808-01 Faxploit: DEF CON 2018: HP OfficeJet Printer Attack (CVE-2018-5925,CVE-2018-5924)  low  2018-08-22  2018-08-22
 OBSO-1807-01 OpenScape Business Root Access  high  2018-07-30  2018-07-30
Zip Slip (CVE-2018-8009)  Medium  2018-06-28  2018-06-28
Electron Custom Protocol Handler Processing Arbitrary Command Injection (CVE-2018-1000006, CVE-2018-1000118)  Medium  2018-06-28  2018-06-28
Electron webview Options Object Remote Node.js Integration Manipulation (CVE-2018-1000136)  Medium  2018-06-05  2018-06-05
 OBSO-1805-01 Spring Framework spring-messaging Module Message Handling Remote Code Execution (CVE-2018-1270, CVE-2018-1275)  high  2018-05-24  2018-06-01
 OBSO-1801-01 Intel processor flaw: Meltdown and Spectre vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3639, CVE-2018-3640)  medium  2018-01-04  2018-06-28
 OBSO-1712-01 OpenStage and OpenScape Desk Phones: Web Based Management pages access without admin password  medium  2017-12-13  2017-12-13
 OBSO-1711-01 WPA2 Protocol Four-way Handshake Handling MitM Issue (KRACK attack)  medium  2017-11-03  2018-02-21
 OBSO-1710-01 Linux Kernel bluetooth Remote Stack Buffer Overflow (BlueBorne) (CVE-2017-1000251)  medium  2017-10-06  2017-11-03
 OBSO-1709-02 RTPproxy NAT Functionality RTP Traffic Handling Remote Packet Disclosure (RTP Bleed)  info  2017-09-28  2017-09-28
 OBSO-1709-01 curl / libcurl Function TFTP File Name Handling Out-of-bounds Read Issue (CVE-2017-1000100)  info  2017-09-21  2017-09-21
 OBSO-1708-01 Linux Kernel Stack Guard Page Security Feature Bypass Weakness (CVE-2017-1000364)  medium  2017-08-02  2018-08-22
Race condition in Chrome (CVE-2017-5068)  Medium  2017-05-23  2017-05-23
 OBSO-1704-01 Microsoft Patchday March 2017: Microsoft Windows SMB Remote Code Execution vulnerabilities  high  2017-04-28  2017-05-09
Apache Struts2 Jakarta Multipart Parser File Upload Remote Code Execution (CVE-2017-5638)  info  2017-03-31  2017-03-31
 OBSO-1703-01 CIA Hack of Siemens/ Unify telephones  Info  2017-03-14  2017-03-14
 OBSO-1701-01 SHA-1 certificates: depreciation in 2017  info  2017-01-03  2017-01-03
 OBSO-1611-01 Dirty Cow: Linux Kernel MAP_PRIVATE COW Flag Breakage Race Condition (CVE-2016-5195)  medium  2016-11-07  2018-06-01
 OBSO-1610-03 Leap Second on 2016-12-31 - Security Note for Unify Products  medium  2016-10-27  2016-10-27
 OBSO-1610-02 ISC BIND Nameserver Denial of Service Vulnerabilities (CVE-2016-2776, CVE-2016-2848)  medium  2016-10-25  2016-10-25
 OBSO-1610-01 OpenScape Xpressions - Information Exposure Vulnerability Through HTTP GET Method at Web Assistant Interface  medium  2016-10-18  2016-10-18
 OBSO-1607-01 httpoxy: A CGI Application Vulnerability Affecting Multiple Web Application Languages and Services  info  2016-07-21  2016-07-27
 OBSO-1603-02 DROWN: Breaking TLS using SSLv2 (CVE-2016-0800)  info  2016-03-02  2016-10-21
 OBSO-1603-01 Unify SLES 11-based Server Applications - Support of SLES 11 SP4  info  2016-03-01  2016-03-01
 OBSO-1602-02 Glibc libresolv - Stack-based Buffer Overflow Vulnerability (CVE-2015-7547)  high  2016-02-19  2016-04-29
 OBSO-1602-01 OpenScape Accounting Management - Virus Alert in Installation Procedure  info  2016-02-05  2016-09-29
 OBSO-1601-01 OpenSSH Client Information Leak Vulnerability (CVE-2016-0777)  low  2016-01-26  2016-04-04
 OBSO-1512-04 Apache Tomcat Denial of Service Vulnerability in ChunkedInputFilter (CVE-2014-0227)  medium 2015-12-30 2016-01-22
 OBSO-1512-03 OpenSSH Login Handling Security Bypass Vulnerability (CVE-2015-5600)  medium 2015-12-30 2016-10-25
 OBSO-1512-02 Multiple Unify Products - TLS Denial of Service Vulnerability in OpenSSL Certificate Verification (CVE-2015-3194)  medium 2015-12-23 2018-03-27
 OBSO-1512-01 OpenScape Voice - MTLS-SIP Denial of Service Vulnerability in OpenSSL Certificate Verification (CVE-2015-0286)  medium 2015-12-23 2015-12-23
 OBSO-1511-02 Non-unique X.509 certificates in OpenStage / OpenScape Desk Phone IP (CVE-2015-8251)  medium 2015-11-30  2015-11-30
 OBSO-1511-01 Deserialisation of Java-objects - Vulnerability in Applications involving Apache Commons-Collections Classes (CVE-2015-8237, CVE-2015-8238)  high 2015-11-17 2016-01-22
 OBSO-1510-01 OpenScape Xpressions - unauthorized external calls via guest access (CVE-2015-7693)  medium 2015-10-26 2016-05-13
 OBSO-1508-02 OpenStage 60 / OpenScape Desk Phone IP 55G - Local service exposure vulnerability (CVE-2015-5391)  medium 2015-08-13  2015-08-13
 OBSO-1508-01 OpenScape Contact Center CDSS - Multiple vulnerabilities fixed in V8 R2.10.11192  medium  2015-08-05  2015-08-05
 OBSO-1505-03 OpenScape UC Web Client and Desktop Client - Cross-Site Scripting (XSS) Vulnerability  medium  2015-05-22  2015-05-22
 OBSO-1505-02 OpenStage / OpenScape Desk Phone IP - HTTP header parsing vulnerability (CVE-2014-9708)  medium  2015-05-08  2015-08-13
 OBSO-1505-01 Leap Second on 2015-06-30 - Security Note for Unify Products  info 2015-05-21  2015-05-21
 OBSO-1503-02 Samba smbd - Remote Code Execution Vulnerability in netlogon server (CVE-2015-0240)  high  2015-03-31  2015-03-31
 OBSO-1503-01 OpenScape SBC V8 - SIP Authentication Bypass Vulnerability (CVE-2015-2057)  high  2015-03-03  2015-03-24
 OBSO-1501-04 GNU glibc Remote Buffer Overflow Vulnerability in gethostbyname - "Ghost" (CVE-2015-0235)  low  2015-01-31  2016-10-10
 OBSO-1501-03 OpenScape Business UC Suite - SQL Injection Vulnerability (CVE-2015-1183)  high  2015-01-27  2015-01-27
 OBSO-1501-02 OpenStage / OpenScape Desk Phone IP - Input Validation Vulnerability via Web Interface  low  2015-02-26  2015-02-26
 OBSO-1501-01 OpenStage / OpenScape Desk Phone IP - Authentication Bypass Vulnerability in WPI Default Mode (CVE-2015-1184)  high  2015-01-20  2015-03-24
 OBSO-1412-03 Hardening of the Intelligent Platform Management Interface (IPMI) on Unify Servers  info  2014-12-31  2014-12-31
 OBSO-1412-02 NTP - Multiple Stack Based Buffer Overflow Vulnerabilities (CVE-2014-9295)  medium 2014-12-23  2015-01-27
 OBSO-1412-01 Microsoft Windows Remote Code Execution Vulnerability in Schannel ("Winshock", MS14-066, CVE-2014-6321)  high 2014-12-01  2015-06-16
 OBSO-1410-03 OpenScape Business - Getting Root Access    low 2014-10-24  2014-10-26
 OBSO-1410-02 SSL 3.0 "POODLE" vulnerability (CVE-2014-3566)    low 2014-10-17   2014-10-17
 OBSO-1410-01 OpenStage / OpenScape Desk Phone IP - Authentication Bypass Vulnerability in web-based management (CVE-2014-7950)    high 2014-10-10   2014-10-10
 OBSO-1409-01 Bash - Remote Command Injection Vulnerability "Shellshock" (CVE-2014-6271, CVE-2014-7169 et al.)  high  2014-09-27  2015-07-28
 OBSO-1408-04 Java in Unify products - RSA private key timing attack vulnerability (CVE-2014-4244) and failure to validate public Diffie-Hellman parameters (CVE-2014-4263)    low 2014-08-26   2015-08-21
 OBSO-1408-03 OpenScape Web Collaboration - Two Cross Site Scripting (XSS) vulnerabilities  medium 2014-08-25   2014-08-25
 OBSO-1408-02 OpenScape Deployment Service - Hardening of the TLS-based Workpoint Interface  info 2014-08-22   2015-01-31
 OBSO-1408-01 openSSL TLS Client Denial of Service vulnerability (CVE-2014-3509)  low 2014-08-12   2014-09-26
 OBSO-1407-03 OpenStage / OpenScape Desk Phone IP - Information Exposure Vulnerability in web-based management  medium  2014-07-24   2014-07-24
 OBSO-1407-02 HiPath 4000 V6 - Security Updates for the Gateway Web Interface  medium  2014-07-23   2014-07-23
 OBSO-1407-01 NTP Distributed Reflection Denial-of-Service (DRDoS) attack via the monlist feature (CVE-2013-5211)  medium  2014-07-25   2014-07-25
 OBSO-1406-01 openSSL ChangeCipherSpec Injection Vulnerability (CVE-2014-0224) and FLUSH+RELOAD Cache Side-channel Attack (CVE-2014-0076)  medium  2014-06-06   2015-07-28
 OBSO-1404-02 openSSL "Heartbleed" Vulnerability (CVE-2014-0160)   medium  2014-04-11   2014-05-02
 OBSO-1404-02-A   Impact of the "Heartbleed" vulnerability to third-party products (CVE-2014-0160)  info  2014-04-18  2014-05-02
 OBSO-1404-01 OpenScape Deployment Service - Blind SQL Injection Vulnerability (CVE-2014-2652)  medium  2014-04-11  2014-04-11
 OBSO-1403-02 OpenStage / OpenScape Desk Phone IP - Authentication Bypass Vulnerability in WPI Default Mode (CVE-2014-2651)  high  2014-03-28  2014-03-28
 OBSO-1403-01 OpenStage / OpenScape Desk Phone IP (SIP) - OS command Injection Vulnerability in web-based management (CVE-2014-2650)  high  2014-03-28  2014-03-28
 OBSO-1402-01 Mediatrix 4400 Series - Cross-site scripting (XSS) vulnerability  (CVE-2014-1612)  medium  2014-02-07  2014-02-07
 OBSO-1401-05 OpenScape UC Applications - Cross-site Scripting Vulnerability  medium  2014-01-31  2014-01-31
 OBSO-1401-04 OpenScape Deployment Service - SQL Injection Vulnerability  high  2014-01-31 2014-01-31
 OBSO-1401-03 HiPath 4000/OpenScape 4000 - Unauthenticated write access to file system  medium  2014-01-31  2014-01-31
 OBSO-1401-02 Informational - Expiry of Default Root CA Certificate in OpenScape Solutions  info  2014-01-28  2014-01-28
 OBSO-1401-01 OpenScape Voice V6 - Multiple Vulnerabilities in Operating System and Java Components  medium  2014-01-15   2014-01-15
 OBSO-1312-02 OpenScape Voice Trace Manager - Multiple Vulnerabilities in PHP  medium  2013-12-20  2013-12-20
 OBSO-1312-01 OpenStage HFA/SIP - Cross-site scripting vulnerability in web-based management  medium  2013-12-16  2013-12-16
 OBSO-1307-02 OpenScape Branch/SBC - Nameserver vulnerabilities (CVE-2012-4244, CVE-2012-5166, CVE-2013-2266)  high  2013-07-26  2013-07-26
 OBSO-1307-01 OpenScape Voice V7 R1 - Multiple Vulnerabilities in Operating System and Java Components  high  2013-07-24  2013-12-06
 OBSO-1306-02 OpenStage Cloud Diagnostic Data Collector - PHP and Web Server Vulnerabilities (CVE-2013-1643, CVE-2012-3499)  medium  2013-06-17  2013-06-17
 OBSO-1306-01 OpenScape Branch / OpenScape SBC - Multiple Web Interface Vulnerabilities  high  2013-06-12  2013-11-08
 OBSO-1305-01 PostgreSQL Security Updates for Multiple Products (CVE-2013-1899)  high  2013-05-07  2013-11-08
 OBSO-1202-01 Linux Kernel Privilege Escalation Vulnerability (CVE-2012-0056)  info  2012-02-01  2013-11-08
 OBSO-1108-02 OpenScape UC Application - local access vulnerability via Web Client  high  2011-08-23  2011-12-08
 OBSO-1108-01 OpenStage - password accessible in cleartext on webbased interface  low  2011-08-22  2011-08-22
 OBSO-1106-01 Allied Telesis divulges secret backdoor  info  2011-06-07  2013-11-08
 OBSO-1011-01 OpenStage - configuration data readable by unauthorized users  medium  2010-11-30  2010-11-30
 OBSO-1010-03 Impact of the Stuxnet worm to Unify systems  info  2010-10-25  2013-11-08
 OBSO-1010-02 Arbitrary code execution at Manager-E  medium  2010-10-15  2010-10-26
 OBSO-1010-01 Enabled VxWorks debug service  high  2010-10-15  2010-10-15