Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Unified_contact_center_express
(Cisco)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 33 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-10-02 | CVE-2019-15259 | A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request on an affected device. A successful exploit could allow the attacker... | Unified_contact_center_express | 6.1 | ||
| 2020-01-26 | CVE-2019-15278 | A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information. | Finesse, Unified_contact_center_express | N/A | ||
| 2019-09-05 | CVE-2019-12633 | A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. The vulnerability is due to improper validation of user-supplied input on the affected system. An attacker could exploit this vulnerability by sending the user of the web application a crafted request. If the request is processed, the attacker could access the system and... | Unified_contact_center_express | 7.5 | ||
| 2019-08-21 | CVE-2019-12626 | A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the... | Unified_contact_center_express | 4.8 | ||
| 2018-07-18 | CVE-2018-0403 | Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to retrieve a cleartext password. Cisco Bug IDs: CSCvg71040. | Unified_contact_center_express, Unified_ip_interactive_voice_response | 9.8 | ||
| 2018-07-18 | CVE-2018-0402 | Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. Cisco Bug IDs: CSCvg70921. | Unified_contact_center_express, Unified_ip_interactive_voice_response | 8.8 | ||
| 2018-07-18 | CVE-2018-0401 | Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Cisco Bug IDs: CSCvg70967. | Unified_contact_center_express, Unified_ip_interactive_voice_response | 6.1 | ||
| 2018-07-18 | CVE-2018-0400 | Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Cisco Bug IDs: CSCvg70904. | Unified_contact_center_express, Unified_ip_interactive_voice_response | 6.1 | ||
| 2018-06-07 | CVE-2017-6779 | Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could... | Emergency_responder, Finesse, Hosted_collaboration_mediation_fulfillment, Mediasense, Prime_collaboration_assurance, Prime_collaboration_provisioning, Prime_license_manager, Socialminer, Unified_communications_manager, Unified_contact_center_express, Unified_intelligence_center, Unity_connection, Virtualized_voice_browser | 7.5 | ||
| 2017-11-16 | CVE-2017-12337 | A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could... | Emergency_responder, Finesse, Hosted_collaboration_solution, Mediasense, Prime_license_manager, Socialminer, Unified_communications_manager, Unified_communications_manager_im_and_presence_service, Unified_contact_center_express, Unified_intelligence_center, Unity_connection | 9.8 |