CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-6426
https://notcve.org/view.php?id=CVE-2016-6426
05 Oct 2016 — The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653. La función j_spring_security_switch_user en Cisco Unified Intelligence Center (CUIC) 8.5.4 hasta la versión 9.1(1), tal como se utiliza en Unified Contact Center Express 10.0(1) hasta la versión 11.0(1), permite ... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1298
https://notcve.org/view.php?id=CVE-2016-1298
26 Jan 2016 — Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via vectors related to permalinks, aka Bug ID CSCux92033. Múltiples vulnerabilidades de XSS en Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1) y 11.0(1) permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con enlaces permanentes, también ... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160125-ucce • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2180
https://notcve.org/view.php?id=CVE-2014-2180
29 Apr 2014 — The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a crafted HTTP request, aka Bug ID CSCun74133. El componente Document Management en Cisco Unified Contact Center Express no valida debidamente un parámetro, lo que permite a usuarios remotos autenticados subir archivos a través de una solicitud HTTP manipulado, también conocido como Bug ID CSCun74133. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2180 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2102
https://notcve.org/view.php?id=CVE-2014-2102
27 Feb 2014 — Cisco Unified Contact Center Express (Unified CCX) does not properly restrict the content of the CCMConfig page, which allows remote authenticated users to obtain sensitive information by examining this content, aka Bug ID CSCum95575. Cisco Unified Contact Center Express (Unified CCX) no restringe debidamente el contenido de la página CCMConfig, lo que permite a usuarios remotos autenticados obtener información sensible mediante el examen de este contenido, también conocido como Bug ID CSCum95575. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2102 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0745
https://notcve.org/view.php?id=CVE-2014-0745
27 Feb 2014 — Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCum95502. Vulnerabilidad de CSRF en el subsistema Unified Serviceability en Cisco Unified Contact Center Express (Unified CCX) permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios, también conocido como Bug ID CSCum95502. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0745 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0746
https://notcve.org/view.php?id=CVE-2014-0746
27 Feb 2014 — The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCum95536. El componente disaster recovery system (DRS) en Cisco Unified Contact Center Express (Unified CCX) permite a usuarios remotos autenticados obtener información sensible mediante la lectura de campos extraños en un documento HTML, también conocido como Bug ID CSCum95536. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0746 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2013-1214
https://notcve.org/view.php?id=CVE-2013-1214
24 Apr 2013 — The scripts editor in Cisco Unified Contact Center Express (aka Unified CCX) does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by visiting the scripts repository directory, aka Bug ID CSCuf77546. El editor de secuencias de comandos de Cisco Unified Contact Center Express (también conocido como Unified CCX) no maneja adecuadamente los privilegios para los inicios de sesión anónimos, lo que permite a atacantes remotos leer scripts arbitrarios vis... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1214 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2011-2583
https://notcve.org/view.php?id=CVE-2011-2583
02 May 2012 — Cisco Unified Contact Center Express (aka CCX) 8.0 and 8.5 allows remote attackers to cause a denial of service via network traffic, as demonstrated by an SEC-BE-STABLE test case, aka Bug ID CSCth33834. Cisco Unified Contact Center Express (también conocido como CCX) v8.0 y v8.5, permite a atacantes remotos causar una denegación de servicio a través de tráfico de la red, como lo demuestra un caso de prueba SEC-BE-STABLE, también conocido como Bug ID CSCth33834. • http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/crs/express_8_5/release/guide/uccx851rn.pdf • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2010-1570
https://notcve.org/view.php?id=CVE-2010-1570
10 Jun 2010 — The computer telephony integration (CTI) server component in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), 6.0 before 6.0(1)SR1, and 5.0 before 5.0(2)SR3 allows remote attackers to cause a denial of service (CTI server and Node Manager failure) via a malformed CTI message. El componente computer telephony integration (CTI) server en Cisco Unified Contact Center Express (UCCX) v7.0 anterior v7.0(1)SR4 y v7.0(2), v6.0 anterior v6.0(1)SR1, y v5.0 anteior v5.0(2)SR3 permite a atac... • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2f110.shtml •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2010-1571
https://notcve.org/view.php?id=CVE-2010-1571
10 Jun 2010 — Directory traversal vulnerability in the bootstrap service in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), unspecified 6.0 versions, and 5.0 before 5.0(2)SR3 allows remote attackers to read arbitrary files via a crafted bootstrap message to TCP port 6295. Vulnerabilidad de salto de directorio en el servicio bootstrap en Cisco Unified Contact Center Express (UCCX) v7.0 anterior v7.0(1)SR4 y 7.0(2), no especificadas versiones v6.0, y v5.0 anterior v5.0(2)SR3 permite a atacantes... • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2f110.shtml • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •