Vulnerabilities > Cisco > Finesse

DATE CVE VULNERABILITY TITLE RISK
2018-07-18 CVE-2018-0398 Server-Side Request Forgery (SSRF) vulnerability in Cisco Finesse 11.5(1)
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack.
network
low complexity
cisco CWE-918
7.5
7.5
2018-06-07 CVE-2017-6779 Resource Exhaustion vulnerability in Cisco products
Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-400
7.8
7.8
2017-11-16 CVE-2017-12337 Improper Authentication vulnerability in Cisco products
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device.
network
low complexity
cisco CWE-287
critical
 10.0
10
2017-10-19 CVE-2017-12288 Cross-site Scripting vulnerability in Cisco Finesse 11.5(1)
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device.
network
cisco CWE-79
4.3
4.3
2017-08-07 CVE-2017-6761 Cross-site Scripting vulnerability in Cisco Finesse 10.6(1)/11.5(1)
A vulnerability in the web-based management interface of Cisco Finesse 10.6(1) and 11.5(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
cisco CWE-79
4.3
4.3
2016-10-27 CVE-2016-6442 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Finesse 11.0(1)Base
A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface.
network
cisco CWE-352
6.8
6.8
2016-05-05 CVE-2016-1373 Server Side Request Forgery Security Bypass vulnerability in Cisco Finesse
The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623.
network
low complexity
cisco
5.0
5.0
2016-02-07 CVE-2016-1307 Credentials Management vulnerability in Cisco Finesse and Unified Contact Center Express
The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085.
network
low complexity
cisco CWE-255
5.5
5.5
2015-08-19 CVE-2015-4310 Cross-site Scripting vulnerability in Cisco Finesse 10.5(1)Base
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse 10.5(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug IDs CSCuq82322, CSCut95853, and CSCuq73975.
network
cisco CWE-79
4.3
4.3
2015-05-29 CVE-2015-0754 Improper Input Validation vulnerability in Cisco Finesse 10.5(1)Base
Cisco Finesse 10.5(1) allows remote authenticated users to obtain sensitive information or cause a denial of service (CPU and memory consumption) via a crafted XML document, aka Bug ID CSCut95810.
network
low complexity
cisco CWE-20
7.5
7.5