This CPE summary could be partial or incomplete. Please contact us for a detailed listing.


Vendor Cisco First view 2016-06-22
Product Unified Contact Center Enterprise Last view 2023-01-20
Version 10.0(1) Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
CPE Product cpe:2.3:a:cisco:unified_contact_center_enterprise

Activity : Overall

Related : CVE

  Date Alert Description
6.1 2023-01-20 CVE-2023-20058

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

10 2021-12-10 CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

5.9 2020-02-19 CVE-2020-3163

A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software improperly manages resources when processing inbound Live Data traffic. An attacker could exploit this vulnerability by sending multiple crafted Live Data packets to an affected device. A successful exploit could cause the affected device to run out of buffer resources, which could result in a stack overflow and cause the affected device to reload, resulting in a DoS condition. Note: The Live Data port in Cisco Unified Contact Center Enterprise devices allows only a single TCP connection. To exploit this vulnerability, an attacker would have to send crafted packets to an affected device before a legitimate Live Data client establishes a connection.

6.1 2016-06-22 CVE-2016-1439

Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center Enterprise through 10.5(2) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux59650.

CWE : Common Weakness Enumeration

33% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
16% (1) CWE-502 Deserialization of Untrusted Data
16% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
16% (1) CWE-362 Race Condition
16% (1) CWE-20 Improper Input Validation

SAINT Exploits

Description Link
Apache Log4j JNDI message lookup vulnerability More info here