Cisco Unified Contact Center Enterprise vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2023-10-10 | CVE-2023-44487 | Resource Exhaustion vulnerability in multiple products | 7.5
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

2023-03-03 | CVE-2023-20061 | Exposure of Resource to Wrong Sphere vulnerability in Cisco products | 6.5
Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system.
network, low complexity, cisco CWE-668

2023-03-03 | CVE-2023-20062 | Server-Side Request Forgery (SSRF) vulnerability in Cisco products | 4.3
Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system.
network, low complexity, cisco CWE-918

2023-01-20 | CVE-2023-20058 | Cross-site Scripting vulnerability in Cisco products | 6.1
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input.
network, low complexity, cisco CWE-79

2021-12-10 | CVE-2021-44228 | Deserialization of Untrusted Data vulnerability in multiple products | 10.0
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.

2021-06-16 | CVE-2021-1395 | Cross-site Scripting vulnerability in Cisco products | 6.1
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
network, low complexity, cisco CWE-79

2020-02-19 | CVE-2020-3163 | Race Condition vulnerability in Cisco Unified Contact Center Enterprise | 7.1
A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network, cisco CWE-362

2017-05-03 | CVE-2017-6626 | Information Exposure vulnerability in Cisco Unified Contact Center Enterprise 11.5(1)/11.6(1) | 5.0
A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 11.5(1) and 11.6(1) could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop.
network, low complexity, cisco CWE-200

2016-06-23 | CVE-2016-1439 | Cross-site Scripting vulnerability in Cisco Unified Contact Center Enterprise | 4.3
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center Enterprise through 10.5(2) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux59650.
network, cisco CWE-79

2014-07-18 | CVE-2014-3323 | Path Traversal vulnerability in Cisco Unified Contact Center Enterprise | 4.0
Directory traversal vulnerability in Cisco Unified Contact Center Enterprise allows remote authenticated users to read arbitrary web-root files via a crafted URL, aka Bug ID CSCun25262.
network, low complexity, cisco CWE-22