25 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2021-1358
CVE-2021-1358 affects Cisco Finesse’s web-based management interface. The flaw is an open redirect caused by improper validation of URL parameters in HTTP requests, enabling an unauthenticated, remote attacker to persuade a user to click a crafted link and be redirected to a malicious URL. Exploi...
CVE-2019-12632
CVE-2019-12632 corresponds to a Cisco Finesse SSRF vulnerability: unauthenticated, remote attacker can bypass access controls via improper input validation to perform server-side requests. Affected product: Cisco Finesse (server-side processing component). Root cause: inadequate validation of use...
CVE-2019-15278
Cisco Finesse is affected by a cross-site scripting issue in the web-based management interface. The root cause is that URLs are not sanitized, enabling an unauthenticated, remote attacker to craft a URL and potentially bypass authorization to access sensitive device information. The CVE entry no...
CVE-2021-1254
Cisco Finesse’s web-based management interface contains cross-site scripting (XSS) vulnerabilities due to insufficient validation of user-supplied input. An authenticated attacker with administrator credentials can inject malicious scripts, potentially persuading users to click malicious links an...
CVE-2024-20404
CVE-2024-20404 affects Cisco Finesse web-based management interface. The issue is an SSRF caused by insufficient validation of user-supplied input in HTTP requests sent to the device. An unauthenticated, remote attacker can exploit crafted HTTP requests to obtain limited sensitive information fro...
CVE-2023-20088
The vulnerability CVE-2023-20088 affects Cisco Finesse’s VPN-less reverse proxy, where the nginx-based reverse proxy improperly filters IP addresses. An unauthenticated, remote attacker can send crafted requests via the load balancer to cause a denial of service (DoS) for current and new users, a...
CVE-2017-12288
The CVE-2017-12288 entry describes a cross-site scripting (XSS) flaw in the web-based management interface of Cisco Unified Contact Center Express (UCCE). The root cause is insufficient validation of user-supplied input in the interface, allowing an unauthenticated, remote attacker to lure a user...
CVE-2017-6761
Cisco Finesse’s web-based management interface (versions 10.6(1) and 11.5(1)) is affected by a cross-site scripting (XSS) vulnerability due to insufficient validation of user-supplied input. An unauthenticated, remote attacker could lure a user into clicking a crafted link, enabling execution of ...
CVE-2017-6779
CVE-2017-6779 affects multiple Cisco VOS-based products (Emergency Responder, Finesse, UCM family, Unity Connection, UIC, SME, UCCx, MediaSense, Prime products, and related). Root cause: system log file has no maximum size limit, enabling an unauthenticated, remote attacker to cause high disk uti...
CVE-2025-20278
CVE-2025-20278 affects Cisco Unified Communications products. The vulnerability is a command-injection flaw in the CLI due to insufficient validation of command arguments, allowing an authenticated local attacker to execute arbitrary OS commands as root on an affected device. Exploitation require...
CVE-2017-12337
CVE-2017-12337 affects Cisco Voice Operating System (Voice OS) upgrade mechanisms. A refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration can leave an engineering flag enabled after completion, potentially allowing an unauthenticated attacker to gain root access with a known pas...
CVE-2024-20405
CVE-2024-20405 affects Cisco Finesse, specifically the web-based management interface. The flaw arises from insufficient input validation for HTTP requests, enabling an unauthenticated, remote attacker to perform a stored XSS by exploiting a remote file inclusion (RFI) vulnerability. A crafted li...
CVE-2018-0398
CVE-2018-0398 affects Cisco Finesse Web-based management interface. The issue is an unauthenticated SSRF vulnerability (server-side request forgery) that could allow remote attackers to trigger unintended requests from the Cisco Finesse server. The connected sources (Cisco Security Advisory and N...
CVE-2021-1245
The CVE-2021-1245 entry concerns Cisco Finesse and Cisco Unified CVP OpenSocial Gadget Editor. The connected Cisco advisory sources confirm an XSS vulnerability in the web-based management interface caused by improper input validation. An unauthenticated, remote attacker can lure a user to click ...
CVE-2020-3159
CVE-2020-3159 affects Cisco Finesse: a cross-site scripting vulnerability in the Web-based management interface due to insufficient validation of user-supplied input. An unauthenticated, remote attacker could entice a user to click a crafted link and execute script code within the interface conte...
CVE-2015-0714
CVE-2015-0714 affects Cisco Finesse Server versions 10.0(1), 10.5(1), 10.6(1), and 11.0(1). The vulnerability is a cross-site scripting (XSS) flaw caused by improper validation of user-supplied input, allowing remote attackers to inject arbitrary script or HTML via unspecified parameters. Impacte...
CVE-2015-0754
Cisco Finesse 10.5(1) is affected by a vulnerability (CVE‑2015‑0754) due to improper processing of XML files. An authenticated remote attacker can cause a DoS (high CPU/memory usage) or obtain sensitive information by sending a crafted XML document. The vulnerability requires authentication and, ...
CVE-2018-0399
Cisco Finesse suffers an information-disclosure vulnerability in its web-based management interface that could let an unauthenticated, remote attacker retrieve cleartext passwords. Multiple sources (NVD entry CVE-2018-0399; Cisco security advisory cisco-sa-20180718-finesse; Nessus plugin) describ...
CVE-2021-1246
Cisco CVE-2021-1246 refers to an unauthenticated access vulnerability in the web management interfaces of Cisco Finesse, Cisco Virtualized Voice Browser, and Cisco Unified CVP OpenSocial Gadget Editor. The issue arises from missing authentication in a particular section of the web-based managemen...
CVE-2016-1373
CVE-2016-1373 affects Cisco Finesse where the gadgets-integration API allows remote SSRF via crafted requests due to insufficient access controls. Impact is that an unauthenticated, remote attacker can cause the Finesse server to perform HTTP requests to arbitrary hosts. Affected versions span 8....
CVE-2013-3457
CVE-2013-3457 involves Cisco Finesse web interface directory access. An unauthenticated, remote attacker can read directory contents via a direct request to an open directory due to insufficient access controls. The issue is tied to Cisco’s advisory Cisco-SA-20130812-CVE-2013-3457, which notes th...
CVE-2015-4310
CVE-2015-4310 affects Cisco Finesse 10.5(1) with multiple cross-site scripting (XSS) vulnerabilities arising from improper validation of user input in HTTP GET/POST parameters. An unauthenticated, remote attacker could lure a user to a crafted link and execute arbitrary script in the browser cont...
CVE-2013-3455
Cisco Finesse exposes potentially sensitive user data due to an information-disclosure vulnerability in HTTP queries. The issue occurs because user data is transmitted insecurely, allowing unauthenticated, remote actors who can capture HTTP queries on the network to disclose information. Cisco’s ...
CVE-2016-6442
CVE-2016-6442 affects Cisco Finesse Agent and Supervisor Desktop Software. The issue is a CSRF vulnerability due to insufficient CSRF protections, allowing an unauthenticated, remote attacker to cause the user’s browser to submit arbitrary requests with the user’s privileges. Affected release not...