Lucene search

K
CiscoUnified Contact Center Express

42 matches found

CVE
CVE
added 2021/12/10 10:15 a.m.5845 views

CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message ...

10CVSS10AI score0.94358EPSS
CVE
CVE
added 2023/08/16 10:15 p.m.2508 views

CVE-2023-20232

A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP requests. An attacker could...

5.3CVSS5.3AI score0.00097EPSS
CVE
CVE
added 2022/01/14 5:15 a.m.168 views

CVE-2022-20658

A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges to Administrator. This vulnerability is due...

9.6CVSS9.2AI score0.00264EPSS
CVE
CVE
added 2019/09/05 2:15 a.m.137 views

CVE-2019-12633

A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. The vulnerability is due to improper validation of user-supplied input on the...

7.5CVSS6.1AI score0.00514EPSS
CVE
CVE
added 2024/01/26 6:15 p.m.116 views

CVE-2024-20253

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. ...

10CVSS9.6AI score0.03027EPSS
CVE
CVE
added 2020/01/26 5:15 a.m.114 views

CVE-2019-15278

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An ...

6.1CVSS6.3AI score0.00704EPSS
CVE
CVE
added 2023/01/20 7:15 a.m.92 views

CVE-2023-20058

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface d...

6.1CVSS6AI score0.00182EPSS
CVE
CVE
added 2021/04/08 4:15 a.m.79 views

CVE-2021-1463

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface do...

6.1CVSS6AI score0.00339EPSS
CVE
CVE
added 2020/09/23 1:15 a.m.70 views

CVE-2019-1888

A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To exploit this vulnerability, an attacker needs valid Administr...

9CVSS7.4AI score0.01694EPSS
CVE
CVE
added 2023/03/03 4:15 p.m.70 views

CVE-2023-20061

Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities.

6.5CVSS6.6AI score0.00124EPSS
CVE
CVE
added 2023/03/03 4:15 p.m.66 views

CVE-2023-20062

Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities.

6.5CVSS5.3AI score0.00123EPSS
CVE
CVE
added 2021/06/16 6:15 p.m.64 views

CVE-2021-1395

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not pr...

6.1CVSS5.1AI score0.00322EPSS
CVE
CVE
added 2020/04/15 9:15 p.m.63 views

CVE-2020-3177

A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct directory traversal attacks on an affected device....

7.5CVSS7.5AI score0.00948EPSS
CVE
CVE
added 2025/05/21 5:15 p.m.59 views

CVE-2025-20113

A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. This vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP...

7.1CVSS6.8AI score0.00081EPSS
CVE
CVE
added 2023/04/05 7:15 p.m.57 views

CVE-2023-20096

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. This vulnerability is due to insufficient input validation of user-supplied data. An attac...

5.4CVSS5.2AI score0.00132EPSS
CVE
CVE
added 2019/10/02 7:15 p.m.56 views

CVE-2019-15259

A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system...

6.1CVSS6.2AI score0.00208EPSS
CVE
CVE
added 2018/06/07 12:29 p.m.55 views

CVE-2017-6779

Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occu...

7.8CVSS7.5AI score0.01275EPSS
CVE
CVE
added 2017/11/16 7:29 a.m.54 views

CVE-2017-12337

A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or P...

10CVSS9.4AI score0.12274EPSS
CVE
CVE
added 2018/07/18 11:29 p.m.51 views

CVE-2018-0403

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to retrieve a cleartext password. Cisco Bug IDs: CSCvg71040.

9.8CVSS9.3AI score0.00689EPSS
CVE
CVE
added 2020/05/22 6:15 a.m.50 views

CVE-2020-3280

A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affecte...

10CVSS9.8AI score0.06345EPSS
CVE
CVE
added 2010/06/10 12:30 a.m.49 views

CVE-2010-1570

The computer telephony integration (CTI) server component in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), 6.0 before 6.0(1)SR1, and 5.0 before 5.0(2)SR3 allows remote attackers to cause a denial of service (CTI server and Node Manager failure) via a malformed CTI mes...

7.8CVSS6.8AI score0.00726EPSS
CVE
CVE
added 2020/06/03 6:15 p.m.49 views

CVE-2020-3267

A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availability state of any agent. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit...

7.1CVSS6AI score0.00329EPSS
CVE
CVE
added 2025/06/04 5:15 p.m.49 views

CVE-2025-20278

A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied comman...

6.7CVSS7.6AI score0.00017EPSS
CVE
CVE
added 2017/07/04 12:29 a.m.48 views

CVE-2017-6722

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information: CSCuw86638. Known Affe...

6.1CVSS6.3AI score0.00447EPSS
CVE
CVE
added 2025/05/21 5:15 p.m.47 views

CVE-2025-20114

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker coul...

4.3CVSS5AI score0.00051EPSS
CVE
CVE
added 2019/08/21 7:15 p.m.45 views

CVE-2019-12626

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerabili...

4.8CVSS4.8AI score0.0017EPSS
CVE
CVE
added 2016/10/05 9:59 p.m.44 views

CVE-2016-6426

The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653.

7.5CVSS7.5AI score0.00244EPSS
CVE
CVE
added 2025/06/04 5:15 p.m.44 views

CVE-2025-20275

A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device. This vulnerability is due to insecure deserialization of Java objects by the affected software. An attack...

7.8CVSS5.9AI score0.00194EPSS
CVE
CVE
added 2025/06/04 5:15 p.m.43 views

CVE-2025-20279

A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to conduct a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to imprope...

4.8CVSS4.9AI score0.00039EPSS
CVE
CVE
added 2010/06/10 12:30 a.m.42 views

CVE-2010-1571

Directory traversal vulnerability in the bootstrap service in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), unspecified 6.0 versions, and 5.0 before 5.0(2)SR3 allows remote attackers to read arbitrary files via a crafted bootstrap message to TCP port 6295.

7.8CVSS6.8AI score0.00455EPSS
CVE
CVE
added 2025/06/04 5:15 p.m.42 views

CVE-2025-20277

A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper limi...

6.7CVSS4.9AI score0.00017EPSS
CVE
CVE
added 2016/10/06 10:59 a.m.41 views

CVE-2016-6427

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654.

8.8CVSS8.9AI score0.00129EPSS
CVE
CVE
added 2018/07/18 11:29 p.m.40 views

CVE-2018-0400

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Cisco Bug IDs: CSCvg70904.

6.1CVSS6AI score0.00481EPSS
CVE
CVE
added 2025/06/04 5:15 p.m.40 views

CVE-2025-20129

A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent...

5.4CVSS6.5AI score0.00037EPSS
CVE
CVE
added 2025/06/04 5:15 p.m.40 views

CVE-2025-20276

A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insecure des...

7.2CVSS7.9AI score0.00169EPSS
CVE
CVE
added 2018/07/18 11:29 p.m.39 views

CVE-2018-0401

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Cisco Bug IDs: CSCvg70967.

6.1CVSS6AI score0.00296EPSS
CVE
CVE
added 2018/07/18 11:29 p.m.39 views

CVE-2018-0402

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. Cisco Bug IDs: CSCvg70921.

8.8CVSS8.7AI score0.00195EPSS
CVE
CVE
added 2012/05/02 10:9 a.m.37 views

CVE-2011-2583

Cisco Unified Contact Center Express (aka CCX) 8.0 and 8.5 allows remote attackers to cause a denial of service via network traffic, as demonstrated by an SEC-BE-STABLE test case, aka Bug ID CSCth33834.

5CVSS6.9AI score0.00535EPSS
CVE
CVE
added 2016/01/26 5:59 a.m.35 views

CVE-2016-1298

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via vectors related to permalinks, aka Bug ID CSCux92033.

6.1CVSS5.9AI score0.00229EPSS
CVE
CVE
added 2016/10/06 10:59 a.m.34 views

CVE-2016-6425

Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652.

6.1CVSS6AI score0.00296EPSS
CVE
CVE
added 2025/07/16 5:15 p.m.11 views

CVE-2025-20274

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based management interface...

8.8CVSS7.4AI score0.00276EPSS
CVE
CVE
added 2025/07/16 5:15 p.m.7 views

CVE-2025-20288

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requ...

5.8CVSS6.8AI score0.00012EPSS