Lucene search

K
CiscoEnterprise Chat And Email

8 matches found

CVE
CVE
added 2021/12/10 10:15 a.m.5637 views

CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message ...

10CVSS10AI score0.94358EPSS
CVE
CVE
added 2023/10/10 2:15 p.m.4408 views

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

7.5CVSS8AI score0.94434EPSS
CVE
CVE
added 2022/05/27 2:15 p.m.136 views

CVE-2022-20802

A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed b...

5.4CVSS5.4AI score0.00279EPSS
CVE
CVE
added 2019/06/05 5:29 p.m.65 views

CVE-2019-1870

A vulnerability in the web-based management interface of Cisco Enterprise Chat and Email (ECE) Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due t...

6.1CVSS6AI score0.00157EPSS
CVE
CVE
added 2024/04/03 5:15 p.m.58 views

CVE-2024-20367

A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web UI does not properly validate user-supplied input. An attack...

5.4CVSS6AI score0.00118EPSS
CVE
CVE
added 2024/11/06 5:15 p.m.43 views

CVE-2024-20484

A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of Media Routing ...

7.5CVSS7.5AI score0.00164EPSS
CVE
CVE
added 2019/03/11 10:0 p.m.34 views

CVE-2019-1702

Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerabilities are due...

6.1CVSS6AI score0.00124EPSS
CVE
CVE
added 2019/11/05 8:15 p.m.34 views

CVE-2019-1877

A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could exploit...

6.5CVSS6.5AI score0.01282EPSS