Vulnerabilities > Cisco > Unified Contact Center Express

DATE CVE VULNERABILITY TITLE RISK
2020-09-23 CVE-2019-1888 Unrestricted Upload of File with Dangerous Type vulnerability in Cisco products
A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system.
network
low complexity
cisco CWE-434
7.2
7.2
2020-06-03 CVE-2020-3267 Files or Directories Accessible to External Parties vulnerability in Cisco Unified Contact Center Express
A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availability state of any agent.
network
low complexity
cisco CWE-552
7.1
7.1
2020-05-22 CVE-2020-3280 Deserialization of Untrusted Data vulnerability in Cisco Unified Contact Center Express 12.0/12.0(1)
A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.
network
low complexity
cisco CWE-502
critical
 9.8
9.8
2020-04-15 CVE-2020-3177 Path Traversal vulnerability in Cisco products
A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct directory traversal attacks on an affected device.
network
low complexity
cisco CWE-22
7.5
7.5
2020-01-26 CVE-2019-15278 Cross-site Scripting vulnerability in Cisco Finesse and Unified Contact Center Express
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass authorization and access sensitive information related to the device.
network
low complexity
cisco CWE-79
6.1
6.1
2019-10-02 CVE-2019-15259 Injection vulnerability in Cisco Unified Contact Center Express
A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack.
network
low complexity
cisco CWE-74
6.1
6.1
2019-09-05 CVE-2019-12633 Server-Side Request Forgery (SSRF) vulnerability in Cisco Unified Contact Center Express
A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system.
network
low complexity
cisco CWE-918
7.5
7.5
2019-08-21 CVE-2019-12626 Cross-site Scripting vulnerability in Cisco Unified Contact Center Express 12.5(1)
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
low complexity
cisco CWE-79
4.8
4.8
2018-07-18 CVE-2018-0403 Server-Side Request Forgery (SSRF) vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to retrieve a cleartext password.
network
low complexity
cisco CWE-918
critical
 9.8
9.8
2018-07-18 CVE-2018-0402 Cross-Site Request Forgery (CSRF) vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack.
network
low complexity
cisco CWE-352
8.8
8.8