Cisco Unified Contact Center Express vulnerabilities

38 known vulnerabilities affecting cisco/cisco_unified_contact_center_express.

Total CVEs: 38
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 9, MEDIUM 25

Vulnerabilities

Page 2 of 2
CVE-2024-20405 | MEDIUM | CVSS 6.1 | vN/A | 2024-06-05
CVE-2024-20405 [MEDIUM] CWE-20: A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected device. An attacker could exploit
cvelistv5, nvd
CVE-2024-20253 | CRITICAL | CVSS 10.0 | v8.5(1), v9.0(2)SU3ES04, +56 more | 2024-01-26
CVE-2024-20253 [CRITICAL] CWE-502: A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by se
cvelistv5, nvd
CVE-2023-20232 | MEDIUM | CVSS 5.3 | v8.5(1), v9.0(2)SU3ES04, +53 more | 2023-08-16
CVE-2023-20232 [MEDIUM] CWE-20: A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP re
cvelistv5, nvd
CVE-2023-20096 | MEDIUM | CVSS 5.4 | vn/a | 2023-04-05
CVE-2023-20096 [MEDIUM] CWE-79: A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. This vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by entering craf
cvelistv5, nvd
CVE-2023-20058 | MEDIUM | CVSS 6.1 | v11.0(1)SU1, v12.0(1), +5 more | 2023-01-20
CVE-2023-20058 [MEDIUM] CWE-79: A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An att
cvelistv5, nvd
CVE-2021-1395 | MEDIUM | CVSS 6.1 | vn/a | 2021-06-16
CVE-2021-1395 [MEDIUM] CWE-79: A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could
cvelistv5, nvd
CVE-2021-1254 | MEDIUM | CVSS 4.8 | vn/a | 2021-05-22
CVE-2021-1254 [MEDIUM] CWE-79: Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An a
cvelistv5, nvd
CVE-2021-1358 | MEDIUM | CVSS 6.1 | vn/a | 2021-05-22
CVE-2021-1358 [MEDIUM] CWE-601: A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected system. An attacker could exploit this vulnerability by persuadin
cvelistv5, nvd
CVE-2021-1463 | MEDIUM | CVSS 6.1 | vn/a | 2021-04-08
CVE-2021-1463 [MEDIUM] CWE-79: A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacke
cvelistv5, nvd
CVE-2019-1888 | HIGH | CVSS 7.2 | vn/a | 2020-09-23
CVE-2019-1888 [HIGH] CWE-434: A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To exploit this vulnerability, an attacker needs valid Administrator credentials. The vulnerability is due to insufficie
cvelistv5, nvd
CVE-2020-3267 | HIGH | CVSS 7.1 | vn/a | 2020-06-03
CVE-2020-3267 [HIGH] CWE-285: A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availability state of any agent. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit this vulnerability by authenticating to an affected sys
cvelistv5, nvd
CVE-2020-3280 | CRITICAL | CVSS 9.8 | vn/a | 2020-05-22
CVE-2020-3280 [CRITICAL] CWE-20: A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerabil
cvelistv5, nvd
CVE-2019-15259 | MEDIUM | CVSS 6.1 | ≥ unspecified, < n/a | 2019-10-02
CVE-2019-15259 [MEDIUM] CWE-113: A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by co
cvelistv5, nvd
CVE-2019-12633 | HIGH | CVSS 7.5 | ≥ unspecified, < 12.0(1)SU0.1 | 2019-09-05
CVE-2019-12633 [HIGH] CWE-20: A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. The vulnerability is due to improper validation of user-supplied input on the affected system. An attacker could exploit this vulner
cvelistv5, nvd
CVE-2019-12626 | MEDIUM | CVSS 4.8 | ≥ unspecified, < 12.0(1)ES02 | 2019-08-21
CVE-2019-12626 [MEDIUM] CWE-20: A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied
cvelistv5, nvd
CVE-2019-1670 | MEDIUM | CVSS 6.1 | vn/a | 2019-02-07
CVE-2019-1670 [MEDIUM] CWE-79: A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could
cvelistv5, nvd
CVE-2017-12288 | MEDIUM | CVSS 6.1 | vCisco Unified Contact Center Express | 2017-10-19
CVE-2017-12288 [MEDIUM] CWE-79: A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to insufficient validation of user-supplied input
cvelistv5
CVE-2017-6722 | MEDIUM | CVSS 6.1 | vCisco Unified Contact Center Express | 2017-07-04
CVE-2017-6722 [MEDIUM]: A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information: CSCuw86638. Known Affected Release
cvelistv5