CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-12632 – Cisco Finesse Request Processing Server-Side Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2019-12632
05 Sep 2019 — A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. The vulnerability exists because the affected system does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to access the system and perform unauthorized actions. Una vulnerabilid... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-finesse-ssrf • CWE-20: Improper Input Validation CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-0398
https://notcve.org/view.php?id=CVE-2018-0398
18 Jul 2018 — Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. Cisco Bug IDs: CSCvg71018. Una vulnerabilidad en la interfaz de gestión web de Cisco Finesse podría permitir que un atacante remoto sin autenticar lleve a cabo un ataque de Server-Side Request Forgery (SSRF). Cisco Bug IDs: CSCvg71018. • http://www.securityfocus.com/bid/104886 • CWE-264: Permissions, Privileges, and Access Controls CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0399
https://notcve.org/view.php?id=CVE-2018-0399
18 Jul 2018 — Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. Cisco Bug IDs: CSCvg71044. Múltiples vulnerabilidades en la interfaz de gestión web de Cisco Finesse podrían permitir que un atacante remoto sin autenticar recupere una contraseña en texto claro de un sistema afectado. Cisco Bug IDs: CSCvg71044. • http://www.securityfocus.com/bid/104886 • CWE-264: Permissions, Privileges, and Access Controls CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 0CVE-2017-6779
https://notcve.org/view.php?id=CVE-2017-6779
07 Jun 2018 — Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulner... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12288
https://notcve.org/view.php?id=CVE-2017-12288
19 Oct 2017 — A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the a... • http://www.securityfocus.com/bid/101514 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6761
https://notcve.org/view.php?id=CVE-2017-6761
07 Aug 2017 — A vulnerability in the web-based management interface of Cisco Finesse 10.6(1) and 11.5(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A succ... • http://www.securityfocus.com/bid/100110 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6442
https://notcve.org/view.php?id=CVE-2016-6442
27 Oct 2016 — A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvb57213. Known Affected Releases: 11.0(1). Una vulnerabilidad en Cisco Finesse Agent y Supervisor Desktop Software podría permitir a un atacante remoto no autenticado llevar a cabo un ataque CSRF contra el usuario de la interfaz webs. Más información: CSCvb57213. • http://www.securityfocus.com/bid/93519 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.6EPSS: 0%CPEs: 31EXPL: 0CVE-2016-1373
https://notcve.org/view.php?id=CVE-2016-1373
05 May 2016 — The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623. La API gadgets-integration en Cisco Finesse 8.5(1) hasta la versión 8.5(5),... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4310
https://notcve.org/view.php?id=CVE-2015-4310
19 Aug 2015 — Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse 10.5(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug IDs CSCuq82322, CSCut95853, and CSCuq73975. Múltiples vulnerabilidades de XSS en Cisco Finesse 10.5(1), permite a atacantes remotos inyectar secuencias de comandos o HTML arbitrarios a través de parámetros no especificados en una petición (1) GET o (2) POST, también conocido como Bug IDs CSCuq82322, CSC... • http://tools.cisco.com/security/center/viewAlert.x?alertId=40436 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0754
https://notcve.org/view.php?id=CVE-2015-0754
29 May 2015 — Cisco Finesse 10.5(1) allows remote authenticated users to obtain sensitive information or cause a denial of service (CPU and memory consumption) via a crafted XML document, aka Bug ID CSCut95810. Cisco Finesse 10.5(1) permite a usuarios remotos autenticados obtener información sensible o causar una denegación de servicio (consumo de CPU y memoria) a través de un documento XML manipulado, también conocido como Bug ID CSCut95810. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39015 • CWE-20: Improper Input Validation •