Security Advisories

Vulnerability Intelligence Process

Product Security Advisories and Security Notes

The Product Security Team of Atos Unify publishes Security Advisories and associated notes as part of Atos Unify’s Vulnerability Intelligence Process.

Security Advisories describe security issues in Atos Unify products and how to mitigate or solve them.

Find more information in the associated Security Policy – Vulnerability Intelligence Process.

To receive e-mail notifications for new or updated Unify Product Security Advisories and Security Notes, subscribe by sending an e-mail to obso@atos.net.

List of Security Advisories

| Advisory ID | Title | Risk Level | Release Date | Last Update |
|---|---|---|---|---|
| OBSO-2006-02 | OpenScape 4000 Assistant vulnerabilities | medium | 2020-06-10 | 2020-06-10 |
| OBSO-2006-01 | Input validation vulnerability within OpenScape Business | high | 2020-06-02 | 2020-06-05 |
| OBSO-2003-02 | GhostCat. Apache Tomcat Unspecified Local File Inclusion. (CVE-2020-1938) | high | 2020-03-12 | 2020-04-28 |
| OBSO-2003-01 | Apache Log4j SocketServer Class Log Data Handling Insecure Deserialization Remote Code Execution (CVE-2019-17571) | info | 2020-03-03 | 2020-03-13 |
| OBSO-2002-01 | OpenScape UC – Multiple vulnerabilities | medium | 2020-02-17 | 2020-02-17 |
| OBSO-1911-02 | Sudo: Privilege escalation via potential bypass of Runas user restrictions (CVE-2019-14287) | info | 2019-11-08 | 2019-11-19 |
| OBSO-1911-01 | Impact of Microsoft Advisory ADV190023 for Unify Customers (Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing) | info | 2019-11-06 | 2020-06-10 |
| OBSO-1908-01 | VxWorks TCP/IP Network Stack (IPnet, Urgent/11) (CVE-2019-12256 to CVE-2019-12265) | info | 2019-08-14 | 2019-08-14 |
| OBSO-1906-01 | TCP SACK PANIC - Linux Kernel vulnerabilities (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-5599) | medium to high | 2019-06-21 | 2019-12-17 |
| OBSO-1905-02 | Microsoft Windows Remote Desktop Services RDP Connection Request Handling Remote Code Execution (CVE-2019-0708) | high | 2019-05-16 | 2019-05-17 |
| OBSO-1905-01 | Apache Tomcat for Windows CGI Servlet Command Line Argument Handling Remote Code Execution (CVE-2019-0232) | high | 2019-05-07 | 2019-06-21 |
| OBSO-1904-01 | Elasticsearch Improper Permissions Name Indexing Remote Privilege Escalation (CVE-2019-7611) | medium | 2019-04-25 | 2019-04-25 |
| OBSO-1903-02 | OpenScape Desk Phones HFA and SIP CSRF and Privilege Escalation vulnerabilities | medium | 2019-03-13 | 2019-08-23 |
| OBSO-1903-01 | Google WebRTC RTCPeerConnection Object Handling Use-after-free Arbitrary Code Execution (CVE-2019-6211) | medium | 2019-03-04 | 2019-03-04 |
| OBSO-1812-01 | Spring Framework ResourceHttpRequestHandler Remote DoS (CVE-2018-15756) | low | 2018-12-13 | 2018-12-13 |
| OBSO-1810-01 | Chinese spy chips in Supermicro servers | low | 2018-10-08 | 2018-12-14 |
| OBSO-1808-01 | Faxploit: DEF CON 2018: HP OfficeJet Printer Attack (CVE-2018-5925, CVE-2018-5924) | low | 2018-08-22 | 2018-08-22 |
| OBSO-1807-01 | OpenScape Business Root Access | high | 2018-07-30 | 2018-07-30 |
| OBSO-1806-03 | Zip Slip (CVE-2018-8009) | medium | 2018-06-28 | 2018-10-18 |
| OBSO-1806-02 | Electron Custom Protocol Handler Processing Arbitrary Command Injection (CVE-2018-1000006, CVE-2018-1000118) | medium | 2018-06-28 | 2018-06-28 |
| OBSO-1806-01 | Electron webview Options Object Remote Node.js Integration Manipulation (CVE-2018-1000136) | medium | 2018-06-05 | 2018-06-05 |
| OBSO-1805-01 | Spring Framework spring-messaging Module Message Handling Remote Code Execution (CVE-2018-1270, CVE-2018-1275) | high | 2018-05-24 | 2018-06-01 |
| OBSO-1801-01 | Intel processor flaw: Meltdown and Spectre vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) | medium | 2018-01-04 | 2019-06-21 |
| OBSO-1712-01 | OpenStage and OpenScape Desk Phones: Web Based Management pages access without admin password | medium | 2017-12-13 | 2017-12-13 |
| OBSO-1711-01 | WPA2 Protocol Four-way Handshake Handling MitM Issue (KRACK attack) | medium | 2017-11-03 | 2018-02-21 |
| OBSO-1710-01 | Linux Kernel bluetooth Remote Stack Buffer Overflow (BlueBorne) (CVE-2017-1000251) | medium | 2017-10-06 | 2017-11-03 |
| OBSO-1709-02 | RTPproxy NAT Functionality RTP Traffic Handling Remote Packet Disclosure (RTP Bleed) (CVE-2017-14114) | info | 2017-09-28 | 2017-09-28 |
| OBSO-1709-01 | curl / libcurl Function TFTP File Name Handling Out-of-bounds Read Issue (CVE-2017-1000100) | info | 2017-09-21 | 2017-09-21 |
| OBSO-1708-01 | Linux Kernel Stack Guard Page Security Feature Bypass Weakness (CVE-2017-1000364) | medium | 2017-08-02 | 2020-02-06 |
| OBSO-1704-01 | Microsoft Patchday March 2017: Microsoft Windows SMB Remote Code Execution vulnerabilities | high | 2017-04-28 | 2017-05-09 |
| OBSO-1703-02 | Apache Struts2 Jakarta Multipart Parser File Upload Remote Code Execution (CVE-2017-5638) | info | 2017-03-31 | 2018-10-12 |
| OBSO-1703-01 | CIA Hack of Siemens/ Unify telephones | info | 2017-03-14 | 2017-03-14 |
| OBSO-1701-01 | SHA-1 certificates: depreciation in 2017 | info | 2017-01-03 | 2017-01-03 |
| OBSO-1611-01 | Dirty Cow: Linux Kernel MAP_PRIVATE COW Flag Breakage Race Condition (CVE-2016-5195) | medium | 2016-11-07 | 2018-06-01 |
| OBSO-1610-03 | Leap Second on 2016-12-31 – Security Note for Unify Products | medium | 2016-10-27 | 2016-10-27 |
| OBSO-1610-02 | ISC BIND Nameserver Denial of Service Vulnerabilities (CVE-2016-2776, CVE-2016-2848) | medium | 2016-10-25 | 2016-10-25 |
| OBSO-1610-01 | OpenScape Xpressions – Information Exposure Vulnerability Through HTTP GET Method at Web Assistant Interface | medium | 2016-10-18 | 2016-10-18 |
| OBSO-1607-01 | httpoxy: A CGI Application Vulnerability Affecting Multiple Web Application Languages and Services | info | 2016-07-21 | 2016-07-27 |
| OBSO-1603-02 | DROWN: Breaking TLS using SSLv2 (CVE-2016-0800) | info | 2016-03-02 | 2016-10-21 |
| OBSO-1603-01 | Unify SLES 11-based Server Applications – Support of SLES 11 SP4 | info | 2016-03-01 | 2016-03-01 |
| OBSO-1602-02 | Glibc libresolv – Stack-based Buffer Overflow Vulnerability (CVE-2015-7547) | high | 2016-02-19 | 2016-04-29 |
| OBSO-1602-01 | OpenScape Accounting Management – Virus Alert in Installation Procedure | info | 2016-02-05 | 2016-09-29 |
| OBSO-1601-01 | OpenSSH Client Information Leak Vulnerability (CVE-2016-0777) | low | 2016-01-26 | 2016-04-04 |
| OBSO-1512-04 | Apache Tomcat Denial of Service Vulnerability in ChunkedInputFilter (CVE-2014-0227) | medium | 2015-12-30 | 2016-01-22 |
| OBSO-1512-03 | OpenSSH Login Handling Security Bypass Vulnerability (CVE-2015-5600) | medium | 2015-12-30 | 2016-10-25 |
| OBSO-1512-02 | Multiple Unify Products – TLS Denial of Service Vulnerability in OpenSSL Certificate Verification (CVE-2015-3194) | medium | 2015-12-23 | 2018-03-27 |
| OBSO-1512-01 | OpenScape Voice – MTLS-SIP Denial of Service Vulnerability in OpenSSL Certificate Verification (CVE-2015-0286) | medium | 2015-12-23 | 2015-12-23 |
| OBSO-1511-02 | Non-unique X.509 certificates in OpenStage / OpenScape Desk Phone IP (CVE-2015-8251) | medium | 2015-11-30 | 2015-11-30 |
| OBSO-1511-01 | Deserialisation of Java-objects – Vulnerability in Applications involving Apache Commons-Collections Classes (CVE-2015-8237, CVE-2015-8238) | high | 2015-11-17 | 2016-01-22 |
| OBSO-1510-01 | OpenScape Xpressions – unauthorized external calls via guest access (CVE-2015-7693) | medium | 2015-10-26 | 2016-05-13 |
| OBSO-1508-02 | OpenStage 60 / OpenScape Desk Phone IP 55G – Local service exposure vulnerability (CVE-2015-5391) | medium | 2015-08-13 | 2015-08-13 |
| OBSO-1508-01 | OpenScape Contact Center CDSS – Multiple vulnerabilities fixed in V8 R2.10.11192 | medium | 2015-08-05 | 2015-08-05 |
| OBSO-1505-03 | OpenScape UC Web Client and Desktop Client – Cross-Site Scripting (XSS) Vulnerability | medium | 2015-05-22 | 2015-05-22 |
| OBSO-1505-02 | OpenStage / OpenScape Desk Phone IP – HTTP header parsing vulnerability (CVE-2014-9708) | medium | 2015-05-08 | 2015-08-13 |
| OBSO-1505-01 | Leap Second on 2015-06-30 – Security Note for Unify Products | info | 2015-05-21 | 2015-05-21 |
| OBSO-1503-02 | Samba smbd – Remote Code Execution Vulnerability in netlogon server (CVE-2015-0240) | high | 2015-03-31 | 2015-03-31 |
| OBSO-1503-01 | OpenScape SBC V8 – SIP Authentication Bypass Vulnerability (CVE-2015-2057) | high | 2015-03-03 | 2015-03-24 |
| OBSO-1501-04 | GNU glibc Remote Buffer Overflow Vulnerability in gethostbyname – „Ghost“ (CVE-2015-0235) | low | 2015-01-31 | 2016-10-10 |
| OBSO-1501-03 | OpenScape Business UC Suite – SQL Injection Vulnerability (CVE-2015-1183) | high | 2015-01-27 | 2015-01-27 |
| OBSO-1501-02 | OpenStage / OpenScape Desk Phone IP – Input Validation Vulnerability via Web Interface (CVE-2014-9563) | low | 2015-02-26 | 2015-02-26 |
| OBSO-1501-01 | OpenStage / OpenScape Desk Phone IP – Authentication Bypass Vulnerability in WPI Default Mode (CVE-2015-1184) | high | 2015-01-20 | 2015-03-24 |
| OBSO-1412-03 | Hardening of the Intelligent Platform Management Interface (IPMI) on Unify Servers | info | 2014-12-31 | 2014-12-31 |
| OBSO-1412-02 | NTP – Multiple Stack Based Buffer Overflow Vulnerabilities (CVE-2014-9295) | medium | 2014-12-23 | 2015-01-27 |
| OBSO-1412-01 | Microsoft Windows Remote Code Execution Vulnerability in Schannel („Winshock“, MS14-066, CVE-2014-6321) | high | 2014-12-01 | 2015-06-16 |
| OBSO-1410-03 | OpenScape Business – Getting Root Access | low | 2014-10-24 | 2014-10-26 |
| OBSO-1410-02 | SSL 3.0 „POODLE“ vulnerability (CVE-2014-3566) | low | 2014-10-17 | 2014-10-17 |
| OBSO-1410-01 | OpenStage / OpenScape Desk Phone IP – Authentication Bypass Vulnerability in web-based management (CVE-2014-7950) | high | 2014-10-10 | 2014-10-10 |
| OBSO-1409-01 | Bash – Remote Command Injection Vulnerability „Shellshock“ (CVE-2014-6271, CVE-2014-7169 et al.) | high | 2014-09-27 | 2015-07-28 |
| OBSO-1408-04 | Java in Unify products – RSA private key timing attack vulnerability (CVE-2014-4244) and failure to validate public Diffie-Hellman parameters (CVE-2014-4263) | low | 2014-08-26 | 2015-08-21 |
| OBSO-1408-03 | OpenScape Web Collaboration – Two Cross Site Scripting (XSS) vulnerabilities | medium | 2014-08-25 | 2014-08-25 |
| OBSO-1408-02 | OpenScape Deployment Service – Hardening of the TLS-based Workpoint Interface | info | 2014-08-22 | 2015-01-31 |
| OBSO-1408-01 | openSSL TLS Client Denial of Service vulnerability (CVE-2014-3509) | low | 2014-08-12 | 2014-09-26 |
| OBSO-1407-03 | OpenStage / OpenScape Desk Phone IP – Information Exposure Vulnerability in web-based management | medium | 2014-07-24 | 2014-07-24 |
| OBSO-1407-02 | HiPath 4000 V6 – Security Updates for the Gateway Web Interface | medium | 2014-07-23 | 2014-07-23 |
| OBSO-1407-01 | NTP Distributed Reflection Denial-of-Service (DRDoS) attack via the monlist feature (CVE-2013-5211) | medium | 2014-07-25 | 2014-07-25 |
| OBSO-1406-01 | openSSL ChangeCipherSpec Injection Vulnerability (CVE-2014-0224) and FLUSH+RELOAD Cache Side-channel Attack (CVE-2014-0076) | medium | 2014-06-06 | 2015-07-28 |
| OBSO-1404-02 | openSSL „Heartbleed“ Vulnerability (CVE-2014-0160) | medium | 2014-04-11 | 2014-05-02 |
| OBSO-1404-02-A | Impact of the „Heartbleed“ vulnerability to third-party products (CVE-2014-0160) | info | 2014-04-18 | 2014-05-02 |
| OBSO-1404-01 | OpenScape Deployment Service – Blind SQL Injection Vulnerability (CVE-2014-2652) | medium | 2014-04-11 | 2014-04-11 |
| OBSO-1403-02 | OpenStage / OpenScape Desk Phone IP – Authentication Bypass Vulnerability in WPI Default Mode (CVE-2014-2651) | high | 2014-03-28 | 2014-03-28 |
| OBSO-1403-01 | OpenStage / OpenScape Desk Phone IP (SIP) – OS command Injection Vulnerability in web-based management (CVE-2014-2650) | high | 2014-03-28 | 2014-03-28 |
| OBSO-1402-01 | Mediatrix 4400 Series – Cross-site scripting (XSS) vulnerability (CVE-2014-1612) | medium | 2014-02-07 | 2014-02-07 |
| OBSO-1401-05 | OpenScape UC Applications – Cross-site Scripting Vulnerability | medium | 2014-01-31 | 2014-01-31 |
| OBSO-1401-04 | OpenScape Deployment Service – SQL Injection Vulnerability | high | 2014-01-31 | 2014-01-31 |
| OBSO-1401-03 | HiPath 4000/OpenScape 4000 – Unauthenticated write access to file system | medium | 2014-01-31 | 2014-01-31 |
| OBSO-1401-02 | Informational – Expiry of Default Root CA Certificate in OpenScape Solutions | info | 2014-01-28 | 2014-01-28 |
| OBSO-1401-01 | OpenScape Voice V6 – Multiple Vulnerabilities in Operating System and Java Components | medium | 2014-01-15 | 2014-01-15 |
| OBSO-1312-02 | OpenScape Voice Trace Manager – Multiple Vulnerabilities in PHP | medium | 2013-12-20 | 2013-12-20 |
| OBSO-1312-01 | OpenStage HFA/SIP – Cross-site scripting vulnerability in web-based management | medium | 2013-12-16 | 2013-12-16 |
| OBSO-1307-02 | OpenScape Branch/SBC – Nameserver vulnerabilities (CVE-2012-4244, CVE-2012-5166, CVE-2013-2266) | high | 2013-07-26 | 2013-07-26 |
| OBSO-1307-01 | OpenScape Voice V7 R1 – Multiple Vulnerabilities in Operating System and Java Components | high | 2013-07-24 | 2013-12-06 |
| OBSO-1306-02 | OpenStage Cloud Diagnostic Data Collector – PHP and Web Server Vulnerabilities (CVE-2013-1643, CVE-2012-3499) | medium | 2013-06-17 | 2013-06-17 |
| OBSO-1306-01 | OpenScape Branch / OpenScape SBC – Multiple Web Interface Vulnerabilities | high | 2013-06-12 | 2013-11-08 |
| OBSO-1305-01 | PostgreSQL Security Updates for Multiple Products (CVE-2013-1899) | high | 2013-05-07 | 2013-11-08 |
| OBSO-1202-01 | Linux Kernel Privilege Escalation Vulnerability (CVE-2012-0056) | info | 2012-02-01 | 2013-11-08 |
| OBSO-1108-02 | OpenScape UC Application – local access vulnerability via Web Client | high | 2011-08-23 | 2011-12-08 |
| OBSO-1108-01 | OpenStage – password accessible in cleartext on webbased interface | low | 2011-08-22 | 2011-08-22 |
| OBSO-1106-01 | Allied Telesis divulges secret backdoor | info | 2011-06-07 | 2013-11-08 |
| OBSO-1011-01 | OpenStage – configuration data readable by unauthorized users | medium | 2010-11-30 | 2010-11-30 |
| OBSO-1010-03 | Impact of the Stuxnet worm to Unify systems | info | 2010-10-25 | 2013-11-08 |
| OBSO-1010-02 | Arbitrary code execution at Manager-E | medium | 2010-10-15 | 2010-10-26 |
| OBSO-1010-01 | Enabled VxWorks debug service | high | 2010-10-15 | 2010-10-15 |