Unified Customer Voice Portal

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-10	CVE-2021-44228	Deserialization of Untrusted Data vulnerability in multiple products Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. network low complexity apache siemens intel debian fedoraproject sonicwall netapp cisco snowsoftware bentley percussion apple CWE-502 critical	10.0
2021-07-22	CVE-2021-1599	Cross-site Scripting vulnerability in Cisco Unified Customer Voice Portal A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user. network low complexity cisco CWE-79	5.4
2020-09-23	CVE-2019-16017	Improper Input Validation vulnerability in Cisco Unified Customer Voice Portal A vulnerability in the Operations, Administration, Maintenance and Provisioning (OAMP) OpsConsole Server for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to execute Insecure Direct Object Reference actions on specific pages within the OAMP application. network low complexity cisco CWE-20	6.8
2020-07-02	CVE-2020-3402	Missing Authentication for Critical Function vulnerability in Cisco Unified Customer Voice Portal A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. network low complexity cisco CWE-306	7.5
2018-02-22	CVE-2018-0139	Unspecified vulnerability in Cisco Unified Customer Voice Portal 11.5(1)/11.6 A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause the IVR connection to disconnect, creating a system-wide denial of service (DoS) condition. network low complexity cisco	8.6
2018-01-18	CVE-2018-0086	Resource Exhaustion vulnerability in Cisco Unified Customer Voice Portal A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. network low complexity cisco CWE-400	8.6
2017-09-21	CVE-2017-12214	Improper Input Validation vulnerability in Cisco Unified Customer Voice Portal 10.5/11.0/11.5 A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to gain elevated privileges. network low complexity cisco CWE-20	8.8