Vulnerabilities > Cisco > Finesse
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-07-18 | CVE-2018-0398 | Server-Side Request Forgery (SSRF) vulnerability in Cisco Finesse 11.5(1) Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. | 7.5 |
2018-06-07 | CVE-2017-6779 | Resource Exhaustion vulnerability in Cisco products Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. | 7.8 |
2017-11-16 | CVE-2017-12337 | Improper Authentication vulnerability in Cisco products A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. | 10.0 |
2017-10-19 | CVE-2017-12288 | Cross-site Scripting vulnerability in Cisco Finesse 11.5(1) A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. | 4.3 |
2017-08-07 | CVE-2017-6761 | Cross-site Scripting vulnerability in Cisco Finesse 10.6(1)/11.5(1) A vulnerability in the web-based management interface of Cisco Finesse 10.6(1) and 11.5(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
2016-10-27 | CVE-2016-6442 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Finesse 11.0(1)Base A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. | 6.8 |
2016-05-05 | CVE-2016-1373 | Server Side Request Forgery Security Bypass vulnerability in Cisco Finesse The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623. | 5.0 |
2016-02-07 | CVE-2016-1307 | Credentials Management vulnerability in Cisco Finesse and Unified Contact Center Express The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085. | 5.5 |
2015-08-19 | CVE-2015-4310 | Cross-site Scripting vulnerability in Cisco Finesse 10.5(1)Base Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse 10.5(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug IDs CSCuq82322, CSCut95853, and CSCuq73975. | 4.3 |
2015-05-29 | CVE-2015-0754 | Improper Input Validation vulnerability in Cisco Finesse 10.5(1)Base Cisco Finesse 10.5(1) allows remote authenticated users to obtain sensitive information or cause a denial of service (CPU and memory consumption) via a crafted XML document, aka Bug ID CSCut95810. | 7.5 |