Vulnerabilities > Cisco > Unified Customer Voice Portal > 10.5.1

DATE CVE VULNERABILITY TITLE RISK
2021-12-10 CVE-2021-44228 Deserialization of Untrusted Data vulnerability in multiple products
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. 		10.0
10
2021-07-22 CVE-2021-1599 Cross-site Scripting vulnerability in Cisco Unified Customer Voice Portal
A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user.
network
low complexity
cisco CWE-79
5.4
5.4
2020-07-02 CVE-2020-3402 Missing Authentication for Critical Function vulnerability in Cisco Unified Customer Voice Portal
A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
network
low complexity
cisco CWE-306
5.0
5.0
2018-01-18 CVE-2018-0086 Resource Exhaustion vulnerability in Cisco Unified Customer Voice Portal
A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device.
network
low complexity
cisco CWE-400
5.0
5.0
2015-05-17 CVE-2015-0735 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Customer Voice Portal 10.5(1)
Cross-site request forgery (CSRF) vulnerability in Cisco Unified Customer Voice Portal (CVP) 10.5(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut93970.
network
cisco CWE-352
6.8
6.8