Cisco: >> Unified Contact Center Express Editor Software Security Vulnerabilities
The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a crafted HTTP request, aka Bug ID CSCun74133.
CVSS Score
4.0
EPSS Score
0.001
Published
2014-04-29
Cisco Unified Contact Center Express (Unified CCX) does not properly restrict the content of the CCMConfig page, which allows remote authenticated users to obtain sensitive information by examining this content, aka Bug ID CSCum95575.
CVSS Score
4.0
EPSS Score
0.002
Published
2014-02-27
Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCum95502.
CVSS Score
6.8
EPSS Score
0.001
Published
2014-02-27
The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCum95536.
CVSS Score
4.0
EPSS Score
0.002
Published
2014-02-27
The scripts editor in Cisco Unified Contact Center Express (aka Unified CCX) does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by visiting the scripts repository directory, aka Bug ID CSCuf77546.
CVSS Score
5.0
EPSS Score
0.003
Published
2013-04-24