VYPR

Unified Contact Center Enterprise

by Cisco Systems, Inc.

CVEs (17)

  • CVE-2023-44487HigKEVOct 10, 2023
    risk 0.65cvss 7.5epss 1.00

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2016-1439MedJun 23, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center Enterprise through 10.5(2) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux59650.

  • CVE-2017-6626MedMay 3, 2017
    risk 0.35cvss 5.3epss 0.02

    A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 11.5(1) and 11.6(1) could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the…

  • CVE-2026-20109MedJan 21, 2026
    risk 0.31cvss 4.8epss 0.00

    Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack…

  • CVE-2026-20055MedJan 21, 2026
    risk 0.31cvss 4.8epss 0.00

    Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack…

  • CVE-2024-20404Jun 5, 2024
    risk 0.06cvss epss 0.23

    A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that…

  • CVE-2026-20116Mar 11, 2026
    risk 0.00cvss epss 0.00

    A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise (Packaged CCE), Cisco Unified Contact Center Enterprise (Unified CCE), Cisco Unified Contact Center Express (Unified CCX), and Cisco Unified Intelligence Center…

  • CVE-2025-20242May 21, 2025
    risk 0.00cvss epss 0.05

    A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise (CCE) could allow an unauthenticated, remote attacker to read and modify data on an affected device. This vulnerability is due to a lack of proper authentication controls. An attacker…

  • CVE-2024-20405Jun 5, 2024
    risk 0.00cvss epss 0.01

    A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. This vulnerability is due to insufficient validation of user-supplied input for specific…

  • CVE-2024-20253Jan 26, 2024
    risk 0.00cvss epss 0.02

    A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is…

  • CVE-2023-20088Mar 3, 2023
    risk 0.00cvss epss 0.01

    A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for new and existing users who are connected through a load…

  • CVE-2023-20058Jan 19, 2023
    risk 0.00cvss epss 0.00

    A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based…

  • CVE-2020-3163Feb 19, 2020
    risk 0.00cvss epss 0.01

    A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software improperly manages…

  • CVE-2014-3323Jul 18, 2014
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in Cisco Unified Contact Center Enterprise allows remote authenticated users to read arbitrary web-root files via a crafted URL, aka Bug ID CSCun25262.

  • CVE-2014-2180Apr 29, 2014
    risk 0.00cvss epss 0.01

    The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a crafted HTTP request, aka Bug ID CSCun74133.

  • CVE-2007-5539Oct 18, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote…

  • CVE-2007-0198Jan 11, 2007
    risk 0.00cvss epss 0.02

    The JTapi Gateway process in Cisco Unified Contact Center Enterprise, Unified Contact Center Hosted, IP Contact Center Enterprise, and Cisco IP Contact Center Hosted 5.0 through 7.1 allows remote attackers to cause a denial of service (repeated process restart) via a certain TCP…