Cisco Unified Intelligence Center XSS (cisco-sa-cc-xss-MrNAH5Jh)

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input. An...

CVE-2026-20116

The CVE-2026-20116 entry concerns Cisco’s web-based management interfaces for Cisco Finesse and several Cisco contact center products (Packaged CCE, Unified CCE, Unified CCX, and Unified Intelligence Center). The vulnerability arises from insufficient validation of user-supplied input in the inte...

CVE-2026-20116 Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities

A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise Packaged CCE, Cisco Unified Contact Center Enterprise Unified CCE, Cisco Unified Contact Center Express Unified CCX, and Cisco Unified Intelligence Center could allow an unauthenticate...

PT-2026-24731

A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise Packaged CCE, Cisco Unified Contact Center Enterprise Unified CCE, Cisco Unified Contact Center Express Unified CCX, and Cisco Unified Intelligence Center could allow an unauthenticate...

CVE-2025-14687

IBM Db2 Intelligence Center 1.1.0, 1.1.1, 1.1.2 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms...

CVE-2025-14687

IBM Db2 Intelligence Center 1.1.0, 1.1.1, 1.1.2 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms...

CVE-2025-14687

IBM Db2 Intelligence Center 1.1.0, 1.1.1, 1.1.2 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms...

CVE-2025-14687 Client-Side Enforcement of Server-Side Security in IBM Db2 Intelligence Center

IBM Db2 Intelligence Center 1.1.0, 1.1.1, 1.1.2 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms...

CVE-2025-14687 Client-Side Enforcement of Server-Side Security in IBM Db2 Intelligence Center

IBM Db2 Intelligence Center 1.1.0, 1.1.1, 1.1.2 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms...

EUVD-2025-205431

IBM Db2 Intelligence Center 1.1.0, 1.1.1, 1.1.2 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms...

PT-2025-53584

Name of the Vulnerable Software and Affected Versions IBM Db2 Intelligence Center versions 1.1.0 through 1.1.2 Description An authenticated user may be able to perform unauthorized actions due to client-side enforcement of server-side security mechanisms. Recommendations Update to a newer version...

IBM Db2 Intelligence Center 安全漏洞

IBM Db2 Intelligence Center is a suite of generative AI assistance tools from International Business Machines IBM. A security vulnerability exists in IBM Db2 Intelligence Center versions 1.1.0, 1.1.1, and 1.1.2 that originates from a client-side enforcement of a server-side security mechanism,...

Security Bulletin: Multiple vulnerabilities that affect IBM Db2 Intelligence Center (CVE-2025-47913, CVE-2022-25927, CVE-2025-6493, CWE-400, CWE-1333, CVE-2025-14687

Summary Multiple vulnerabilties fixed with Db2 Intelligence Center 1.1.3. Vulnerability Details CVEID:CVE-2025-47913 DESCRIPTION: SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. CVSS Source: CISA ADP CVSS Base...

Changing the physics of cyber defense

The Deputy CISO blog series is whereMicrosoft Deputy Chief Information Security Officers CISOs share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start and stop deploying, forward-looking commentary on where the...

Changing the physics of cyber defense

The Deputy CISO blog series is whereMicrosoft Deputy Chief Information Security Officers CISOs share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start and stop deploying, forward-looking commentary on where the...

Cisco Unified Intelligence Center API Information Disclosure (cisco-sa-cc-mult-vuln-gK4TFXSn)

A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this...

CVE-2025-20377

A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this...

CVE-2025-20377

A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this...

CVE-2025-20377

CVE-2025-20377 affects Cisco Unified Intelligence Center API subsystem. Improper validation of API requests allows an authenticated, remote attacker with valid credentials (low-privilege) to view sensitive information that should be restricted. The issue is an information-disclosure problem over ...

CVE-2025-20377 Cisco Unified Intelligence Center API Information Disclosure Vulnerability

A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this...