Vulnerabilities > Cisco > Unified Intelligence Center > 11.5.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-10 | CVE-2021-44228 | Deserialization of Untrusted Data vulnerability in multiple products Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. network low complexity siemens apache intel debian fedoraproject sonicwall netapp cisco snowsoftware bentley percussion apple CWE-502 critical | 10.0 |
| 2021-06-16 | CVE-2021-1395 | Unspecified vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
| 2021-04-08 | CVE-2021-1463 | Unspecified vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
| 2017-09-21 | CVE-2017-12254 | Cross-site Scripting vulnerability in Cisco Unified Intelligence Center 11.5(1) A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. | 6.1 |
| 2017-09-21 | CVE-2017-12253 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 11.5(1) A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions. | 8.8 |
| 2017-09-21 | CVE-2017-12248 | Cross-site Scripting vulnerability in Cisco Unified Intelligence Center 11.5(1) A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 6.1 |