Cisco Unified Contact Center Management Portal vulnerabilities
4 known vulnerabilities affecting cisco/unified_contact_center_management_portal.
Total CVEs: 4
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 2, MEDIUM 2
Vulnerabilities
CVE-2024-20540 [MEDIUM] CVSS 5.4 | CWE-79 | fixed in 12.6(1)_es14 | 2024-11-06
A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface.
This vulnerability exists because the web-based management interface does not p
Source: NVD
CVE-2024-20512 [MEDIUM] CVSS 6.1 | CWE-79 | versions ≥ 12.6(1), < 12.6(1)_es13 | 2024-10-16
A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface.
This vulnerability exists because the web-based management interface does not properly validat
Source: NVD
CVE-2022-20658 [CRITICAL] CVSS 9.6 | CWE-602 | versions ≤ 11.6.1 | 2022-01-14
A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges to Administrator. This vulnerability is due to the lack of server-side validation of user per
Source: NVD
CVE-2021-44228 [CRITICAL] CVSS 10.0 | CWE-20 | KEV | PoC | v12.6(1) | 2021-12-10
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LD
Source: NVD