Vulnerabilities > Cisco > Unified Contact Center Express Editor Software

DATE CVE VULNERABILITY TITLE RISK
2014-04-29 CVE-2014-2180 Improper Input Validation vulnerability in Cisco products
The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a crafted HTTP request, aka Bug ID CSCun74133.
network
low complexity
cisco CWE-20
4.0
4.0
2014-02-27 CVE-2014-2102 Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Contact Center Express Editor Software
Cisco Unified Contact Center Express (Unified CCX) does not properly restrict the content of the CCMConfig page, which allows remote authenticated users to obtain sensitive information by examining this content, aka Bug ID CSCum95575.
network
low complexity
cisco CWE-264
4.0
4.0
2014-02-27 CVE-2014-0746 Information Exposure vulnerability in Cisco Unified Contact Center Express Editor Software
The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCum95536.
network
low complexity
cisco CWE-200
4.0
4.0
2014-02-27 CVE-2014-0745 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Contact Center Express Editor Software
Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCum95502.
network
cisco CWE-352
6.8
6.8
2013-04-24 CVE-2013-1214 Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Contact Center Express Editor Software
The scripts editor in Cisco Unified Contact Center Express (aka Unified CCX) does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by visiting the scripts repository directory, aka Bug ID CSCuf77546.
network
low complexity
cisco CWE-264
5.0
5.0