Vulnerabilities (CVE)

Vendor filter

Cisco Subscribe

Product filter

Unified Contact Center Express Subscribe

Filter

20 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-15259 1 Cisco 1 Unified Contact Center Express 2019-10-10 4.3
A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters...
CVE-2019-12633 1 Cisco 1 Unified Contact Center Express 2019-10-09 5.0
A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. The vulnerability is due...
CVE-2019-12626 1 Cisco 1 Unified Contact Center Express 2019-10-09 3.5
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based...
CVE-2018-0403 1 Cisco 2 Unified Contact Center Express, Unified Ip Interactive Voice Response 2019-10-09 5.0
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to retrieve a cleartext password. Cisco Bug IDs: CSCvg71040.
CVE-2018-0402 1 Cisco 2 Unified Contact Center Express, Unified Ip Interactive Voice Response 2019-10-09 6.8
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. Cisco Bug IDs: CSCvg70921.
CVE-2018-0401 1 Cisco 2 Unified Contact Center Express, Unified Ip Interactive Voice Response 2019-10-09 4.3
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface....
CVE-2018-0400 1 Cisco 2 Unified Contact Center Express, Unified Ip Interactive Voice Response 2019-10-09 4.3
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface....
CVE-2017-6779 1 Cisco 13 Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment and 10 more 2019-10-09 7.8
Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a...
CVE-2017-12337 1 Cisco 11 Emergency Responder, Finesse, Hosted Collaboration Solution and 8 more 2019-10-09 10.0
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The...
CVE-2013-1214 1 Cisco 2 Unified Contact Center Express Editor Software, Unified Contact Center Express 2018-10-30 5.0
The scripts editor in Cisco Unified Contact Center Express (aka Unified CCX) does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by visiting the scripts repository directory, aka Bug...
CVE-2011-2583 1 Cisco 1 Unified Contact Center Express 2017-12-14 5.0
Cisco Unified Contact Center Express (aka CCX) 8.0 and 8.5 allows remote attackers to cause a denial of service via network traffic, as demonstrated by an SEC-BE-STABLE test case, aka Bug ID CSCth33834.
CVE-2010-1571 1 Cisco 3 Unified Ip Interactive Voice Response, Unified Contact Center Express, Customer Response Solution 2017-08-17 7.8
Directory traversal vulnerability in the bootstrap service in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), unspecified 6.0 versions, and 5.0 before 5.0(2)SR3 allows remote attackers to read arbitrary files via a...
CVE-2010-1570 1 Cisco 3 Unified Ip Interactive Voice Response, Unified Contact Center Express, Customer Response Solution 2017-08-17 7.8
The computer telephony integration (CTI) server component in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), 6.0 before 6.0(1)SR1, and 5.0 before 5.0(2)SR3 allows remote attackers to cause a denial of service (CTI...
CVE-2016-6427 1 Cisco 2 Unified Intelligence Center, Unified Contact Center Express 2017-07-30 6.8
Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary...
CVE-2016-6426 1 Cisco 2 Unified Intelligence Center, Unified Contact Center Express 2017-07-30 4.3
The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an...
CVE-2016-6425 1 Cisco 2 Unified Intelligence Center, Unified Contact Center Express 2017-07-30 4.3
Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a...
CVE-2017-6722 1 Cisco 1 Unified Contact Center Express 2017-07-07 5.5
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication...
CVE-2016-1298 1 Cisco 1 Unified Contact Center Express 2016-12-07 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via vectors related to permalinks, aka Bug ID CSCux92033.
CVE-2016-1319 1 Cisco 4 Unified Communications Manager, Unified Communications Manager Im And Presence Service, Unity Connection and 1 more 2016-12-06 5.0
Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity...
CVE-2016-1307 1 Cisco 2 Finesse, Unified Contact Center Express 2016-12-06 5.5
The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085.