Cisco Unified Customer Voice Portal vulnerabilities

CVE-2021-1599 [MEDIUM] CWE-79 CVE-2021-1599: A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) c A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient input validation of a parameter that is used by the web-based management interface. An attacker could ex

CVE-2021-1246 [MEDIUM] CWE-306 CVE-2021-1246: Cisco Finesse, Cisco Virtualized Voice Browser, and Cisco Unified CVP OpenSocial Gadget Editor Unaut Cisco Finesse, Cisco Virtualized Voice Browser, and Cisco Unified CVP OpenSocial Gadget Editor Unauthenticated Access Vulnerability A vulnerability in the web management interface of Cisco Finesse, Cisco Virtualized Voice Browser, and Cisco Unified CVP could allow an unauthenticated, remote attacker to access the OpenSocial Gadget Editor without prov

CVE-2021-1245 [MEDIUM] CWE-79 CVE-2021-1245: Cisco Finesse and Cisco Unified CVP OpenSocial Gadget Editor Cross-Site Scripting Vulnerability A Cisco Finesse and Cisco Unified CVP OpenSocial Gadget Editor Cross-Site Scripting Vulnerability A vulnerability in the web-based management interface of Cisco Finesse and Cisco Unified CVP could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the

CVE-2019-16017 [MEDIUM] CWE-264 CVE-2019-16017: A vulnerability in the Operations, Administration, Maintenance and Provisioning (OAMP) OpsConsole Se A vulnerability in the Operations, Administration, Maintenance and Provisioning (OAMP) OpsConsole Server for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to execute Insecure Direct Object Reference actions on specific pages within the OAMP application. The vulnerability is due to insufficient input validati

CVE-2018-0139 [HIGH] CWE-20 CVE-2018-0139: A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Customer Voice Portal (CVP) could allow an u A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause the IVR connection to disconnect, creating a system-wide denial of service (DoS) condition. The vulnerability is du

CVE-2018-0086 [HIGH] CWE-400 CVE-2018-0086: A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to malformed SIP INVITE traffic received on the CVP during communications

CVE-2017-12214 [HIGH] CWE-264 CVE-2017-12214: A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voic A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation.