Lucene search
+L
CiscoFinesse

25 matches found

cve
cve
added 2021/12/10 12:0 a.m.6908 views

CVE-2021-44228

CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...

10CVSS10AI score0.99999EPSS
In wild
cve
cve
added 2021/05/22 6:45 a.m.216 views

CVE-2021-1358

CVE-2021-1358 affects Cisco Finesse’s web-based management interface. The flaw is an open redirect caused by improper validation of URL parameters in HTTP requests, enabling an unauthenticated, remote attacker to persuade a user to click a crafted link and be redirected to a malicious URL. Exploi...

6.1CVSS5.2AI score0.00783EPSS
cve
cve
added 2019/09/05 1:15 a.m.152 views

CVE-2019-12632

CVE-2019-12632 corresponds to a Cisco Finesse SSRF vulnerability: unauthenticated, remote attacker can bypass access controls via improper input validation to perform server-side requests. Affected product: Cisco Finesse (server-side processing component). Root cause: inadequate validation of use...

7.5CVSS6.1AI score0.0156EPSS
cve
cve
added 2020/01/26 4:50 a.m.134 views

CVE-2019-15278

Cisco Finesse is affected by a cross-site scripting issue in the web-based management interface. The root cause is that URLs are not sanitized, enabling an unauthenticated, remote attacker to craft a URL and potentially bypass authorization to access sensitive device information. The CVE entry no...

6.1CVSS6.3AI score0.00897EPSS
cve
cve
added 2021/05/22 6:40 a.m.104 views

CVE-2021-1254

Cisco Finesse’s web-based management interface contains cross-site scripting (XSS) vulnerabilities due to insufficient validation of user-supplied input. An authenticated attacker with administrator credentials can inject malicious scripts, potentially persuading users to click malicious links an...

4.8CVSS5AI score0.00721EPSS
cve
cve
added 2024/06/05 4:14 p.m.82 views

CVE-2024-20404

CVE-2024-20404 affects Cisco Finesse web-based management interface. The issue is an SSRF caused by insufficient validation of user-supplied input in HTTP requests sent to the device. An unauthenticated, remote attacker can exploit crafted HTTP requests to obtain limited sensitive information fro...

7.2CVSS6.4AI score0.21738EPSS
In wildWeb
cve
cve
added 2023/03/03 12:0 a.m.76 views

CVE-2023-20088

The vulnerability CVE-2023-20088 affects Cisco Finesse’s VPN-less reverse proxy, where the nginx-based reverse proxy improperly filters IP addresses. An unauthenticated, remote attacker can send crafted requests via the load balancer to cause a denial of service (DoS) for current and new users, a...

7.5CVSS6.4AI score0.00795EPSS
cve
cve
added 2017/10/19 8:0 a.m.71 views

CVE-2017-12288

The CVE-2017-12288 entry describes a cross-site scripting (XSS) flaw in the web-based management interface of Cisco Unified Contact Center Express (UCCE). The root cause is insufficient validation of user-supplied input in the interface, allowing an unauthenticated, remote attacker to lure a user...

6.1CVSS5.9AI score0.0122EPSS
cve
cve
added 2017/08/07 6:0 a.m.71 views

CVE-2017-6761

Cisco Finesse’s web-based management interface (versions 10.6(1) and 11.5(1)) is affected by a cross-site scripting (XSS) vulnerability due to insufficient validation of user-supplied input. An unauthenticated, remote attacker could lure a user into clicking a crafted link, enabling execution of ...

6.1CVSS5.9AI score0.01234EPSS
cve
cve
added 2018/06/07 12:0 p.m.70 views

CVE-2017-6779

CVE-2017-6779 affects multiple Cisco VOS-based products (Emergency Responder, Finesse, UCM family, Unity Connection, UIC, SME, UCCx, MediaSense, Prime products, and related). Root cause: system log file has no maximum size limit, enabling an unauthenticated, remote attacker to cause high disk uti...

7.8CVSS7.5AI score0.01984EPSS
cve
cve
added 2025/06/04 4:18 p.m.70 views

CVE-2025-20278

CVE-2025-20278 affects Cisco Unified Communications products. The vulnerability is a command-injection flaw in the CLI due to insufficient validation of command arguments, allowing an authenticated local attacker to execute arbitrary OS commands as root on an affected device. Exploitation require...

6.7CVSS7.6AI score0.00155EPSS
cve
cve
added 2017/11/16 7:0 a.m.66 views

CVE-2017-12337

CVE-2017-12337 affects Cisco Voice Operating System (Voice OS) upgrade mechanisms. A refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration can leave an engineering flag enabled after completion, potentially allowing an unauthenticated attacker to gain root access with a known pas...

10CVSS9.4AI score0.06435EPSS
cve
cve
added 2024/06/05 4:15 p.m.66 views

CVE-2024-20405

CVE-2024-20405 affects Cisco Finesse, specifically the web-based management interface. The flaw arises from insufficient input validation for HTTP requests, enabling an unauthenticated, remote attacker to perform a stored XSS by exploiting a remote file inclusion (RFI) vulnerability. A crafted li...

6.1CVSS6.3AI score0.00648EPSS
Web
cve
cve
added 2018/07/18 11:0 p.m.61 views

CVE-2018-0398

CVE-2018-0398 affects Cisco Finesse Web-based management interface. The issue is an unauthenticated SSRF vulnerability (server-side request forgery) that could allow remote attackers to trigger unintended requests from the Cisco Finesse server. The connected sources (Cisco Security Advisory and N...

9.8CVSS9.5AI score0.02062EPSS
cve
cve
added 2021/01/13 9:17 p.m.61 views

CVE-2021-1245

The CVE-2021-1245 entry concerns Cisco Finesse and Cisco Unified CVP OpenSocial Gadget Editor. The connected Cisco advisory sources confirm an XSS vulnerability in the web-based management interface caused by improper input validation. An unauthenticated, remote attacker can lure a user to click ...

6.5CVSS5.9AI score0.0137EPSS
cve
cve
added 2020/02/19 7:15 p.m.60 views

CVE-2020-3159

CVE-2020-3159 affects Cisco Finesse: a cross-site scripting vulnerability in the Web-based management interface due to insufficient validation of user-supplied input. An unauthenticated, remote attacker could entice a user to click a crafted link and execute script code within the interface conte...

6.1CVSS6AI score0.00801EPSS
cve
cve
added 2015/05/02 2:0 p.m.59 views

CVE-2015-0714

CVE-2015-0714 affects Cisco Finesse Server versions 10.0(1), 10.5(1), 10.6(1), and 11.0(1). The vulnerability is a cross-site scripting (XSS) flaw caused by improper validation of user-supplied input, allowing remote attackers to inject arbitrary script or HTML via unspecified parameters. Impacte...

4.3CVSS5.9AI score0.0136EPSS
cve
cve
added 2015/05/29 3:0 p.m.56 views

CVE-2015-0754

Cisco Finesse 10.5(1) is affected by a vulnerability (CVE‑2015‑0754) due to improper processing of XML files. An authenticated remote attacker can cause a DoS (high CPU/memory usage) or obtain sensitive information by sending a crafted XML document. The vulnerability requires authentication and, ...

7.5CVSS6.4AI score0.01937EPSS
cve
cve
added 2018/07/18 11:0 p.m.56 views

CVE-2018-0399

Cisco Finesse suffers an information-disclosure vulnerability in its web-based management interface that could let an unauthenticated, remote attacker retrieve cleartext passwords. Multiple sources (NVD entry CVE-2018-0399; Cisco security advisory cisco-sa-20180718-finesse; Nessus plugin) describ...

9.8CVSS9.4AI score0.01889EPSS
cve
cve
added 2021/01/13 9:17 p.m.53 views

CVE-2021-1246

Cisco CVE-2021-1246 refers to an unauthenticated access vulnerability in the web management interfaces of Cisco Finesse, Cisco Virtualized Voice Browser, and Cisco Unified CVP OpenSocial Gadget Editor. The issue arises from missing authentication in a particular section of the web-based managemen...

6.5CVSS6.5AI score0.01428EPSS
cve
cve
added 2016/05/05 9:0 p.m.51 views

CVE-2016-1373

CVE-2016-1373 affects Cisco Finesse where the gadgets-integration API allows remote SSRF via crafted requests due to insufficient access controls. Impact is that an unauthenticated, remote attacker can cause the Finesse server to perform HTTP requests to arbitrary hosts. Affected versions span 8....

8.6CVSS8.4AI score0.01061EPSS
cve
cve
added 2013/08/12 10:0 a.m.50 views

CVE-2013-3457

CVE-2013-3457 involves Cisco Finesse web interface directory access. An unauthenticated, remote attacker can read directory contents via a direct request to an open directory due to insufficient access controls. The issue is tied to Cisco’s advisory Cisco-SA-20130812-CVE-2013-3457, which notes th...

5CVSS6.7AI score0.02109EPSS
cve
cve
added 2015/08/19 11:0 p.m.50 views

CVE-2015-4310

CVE-2015-4310 affects Cisco Finesse 10.5(1) with multiple cross-site scripting (XSS) vulnerabilities arising from improper validation of user input in HTTP GET/POST parameters. An unauthenticated, remote attacker could lure a user to a crafted link and execute arbitrary script in the browser cont...

4.3CVSS5.9AI score0.02162EPSS
cve
cve
added 2013/08/12 10:0 a.m.49 views

CVE-2013-3455

Cisco Finesse exposes potentially sensitive user data due to an information-disclosure vulnerability in HTTP queries. The issue occurs because user data is transmitted insecurely, allowing unauthenticated, remote actors who can capture HTTP queries on the network to disclose information. Cisco’s ...

5CVSS6.4AI score0.02084EPSS
cve
cve
added 2016/10/27 9:0 p.m.49 views

CVE-2016-6442

CVE-2016-6442 affects Cisco Finesse Agent and Supervisor Desktop Software. The issue is a CSRF vulnerability due to insufficient CSRF protections, allowing an unauthenticated, remote attacker to cause the user’s browser to submit arbitrary requests with the user’s privileges. Affected release not...

8.8CVSS8.7AI score0.00927EPSS