CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-15259

A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request on an affected device. A successful exploit could allow the attacker to perform cross-site scripting attacks, web cache poisoning, access sensitive browser-based information, and similar exploits.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.6%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

Products affected by CVE-2019-15259

Cisco » Unified Contact Center Express » Version: N/A

cpe:2.3:a:cisco:unified_contact_center_express:-
Cisco » Unified Contact Center Express » Version: 10.0(1)

cpe:2.3:a:cisco:unified_contact_center_express:10.0(1)
Cisco » Unified Contact Center Express » Version: 10.5(1)

cpe:2.3:a:cisco:unified_contact_center_express:10.5(1)
Cisco » Unified Contact Center Express » Version: 10.6(1)

cpe:2.3:a:cisco:unified_contact_center_express:10.6(1)
Cisco » Unified Contact Center Express » Version: 11.0(1)

cpe:2.3:a:cisco:unified_contact_center_express:11.0(1)
Cisco » Unified Contact Center Express » Version: 11.5(1)

cpe:2.3:a:cisco:unified_contact_center_express:11.5(1)
Cisco » Unified Contact Center Express » Version: 11.5.1es01

cpe:2.3:a:cisco:unified_contact_center_express:11.5.1es01
Cisco » Unified Contact Center Express » Version: 11.5.1su1

cpe:2.3:a:cisco:unified_contact_center_express:11.5.1su1
Cisco » Unified Contact Center Express » Version: 11.6

cpe:2.3:a:cisco:unified_contact_center_express:11.6
Cisco » Unified Contact Center Express » Version: 11.6(1)

cpe:2.3:a:cisco:unified_contact_center_express:11.6(1)
Cisco » Unified Contact Center Express » Version: 12.0(1)

cpe:2.3:a:cisco:unified_contact_center_express:12.0(1)

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-15259

Products

Pricing

Contact Us