Unified Contact Center Express Editor Software Security Vulnerabilities

CVE-2014-2180

The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a crafted HTTP request, aka Bug ID...

CVE-2014-2102

Cisco Unified Contact Center Express (Unified CCX) does not properly restrict the content of the CCMConfig page, which allows remote authenticated users to obtain sensitive information by examining this content, aka Bug ID...

CVE-2014-0745

Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID...

CVE-2014-0746

The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID...

CVE-2013-1214

The scripts editor in Cisco Unified Contact Center Express (aka Unified CCX) does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by visiting the scripts repository directory, aka Bug ID...