Unified Contact Center Express
CVEs (56)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-0403 | Cri | 0.64 | 9.8 | 0.03 | Jul 18, 2018 | Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to retrieve a cleartext password. Cisco Bug IDs: CSCvg71040. | ||
| CVE-2017-12337 | Cri | 0.64 | 9.8 | 0.06 | Nov 16, 2017 | A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a… | ||
| CVE-2018-0402 | Hig | 0.57 | 8.8 | 0.01 | Jul 18, 2018 | Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. Cisco Bug IDs: CSCvg70921. | ||
| CVE-2016-6427 | Hig | 0.57 | 8.8 | 0.01 | Oct 6, 2016 | Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036… | ||
| CVE-2016-6426 | Hig | 0.49 | 7.5 | 0.01 | Oct 5, 2016 | The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs… | ||
| CVE-2018-0401 | Med | 0.40 | 6.1 | 0.01 | Jul 18, 2018 | Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Cisco Bug IDs: CSCvg70967. | ||
| CVE-2018-0400 | Med | 0.40 | 6.1 | 0.01 | Jul 18, 2018 | Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Cisco Bug IDs: CSCvg70904. | ||
| CVE-2017-12288 | Med | 0.40 | 6.1 | 0.01 | Oct 19, 2017 | A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to insufficient validation… | ||
| CVE-2017-6722 | Med | 0.40 | 6.1 | 0.01 | Jul 4, 2017 | A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information:… | ||
| CVE-2016-1298 | Med | 0.40 | 6.1 | 0.01 | Jan 26, 2016 | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via vectors related to permalinks, aka Bug ID CSCux92033. | ||
| CVE-2016-1319 | Med | 0.35 | 5.3 | 0.01 | Feb 9, 2016 | Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext… | ||
| CVE-2016-1307 | Med | 0.35 | 5.4 | 0.01 | Feb 7, 2016 | The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085. | ||
| CVE-2024-20404 | 0.06 | — | 0.23 | Jun 5, 2024 | A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that… | |||
| CVE-2011-3315 | 0.05 | — | 0.26 | Oct 27, 2011 | Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response… | |||
| CVE-2020-3280 | 0.01 | — | 0.07 | May 22, 2020 | A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insecure deserialization of user-supplied… | |||
| CVE-2026-20117 | 0.00 | — | 0.00 | Mar 11, 2026 | A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability exists because the… | |||
| CVE-2026-20116 | 0.00 | — | 0.00 | Mar 11, 2026 | A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise (Packaged CCE), Cisco Unified Contact Center Enterprise (Unified CCE), Cisco Unified Contact Center Express (Unified CCX), and Cisco Unified Intelligence Center… | |||
| CVE-2025-20375 | 0.00 | — | 0.00 | Nov 5, 2025 | A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this… | |||
| CVE-2025-20376 | 0.00 | — | 0.00 | Nov 5, 2025 | A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to file upload mechanisms. An attacker could exploit this… | |||
| CVE-2025-20374 | 0.00 | — | 0.01 | Nov 5, 2025 | A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to perform a directory traversal and access arbitrary resources. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker… |
- risk 0.64cvss 9.8epss 0.03
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to retrieve a cleartext password. Cisco Bug IDs: CSCvg71040.
- risk 0.64cvss 9.8epss 0.06
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a…
- risk 0.57cvss 8.8epss 0.01
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. Cisco Bug IDs: CSCvg70921.
- risk 0.57cvss 8.8epss 0.01
Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036…
- risk 0.49cvss 7.5epss 0.01
The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs…
- risk 0.40cvss 6.1epss 0.01
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Cisco Bug IDs: CSCvg70967.
- risk 0.40cvss 6.1epss 0.01
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Cisco Bug IDs: CSCvg70904.
- risk 0.40cvss 6.1epss 0.01
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to insufficient validation…
- risk 0.40cvss 6.1epss 0.01
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information:…
- risk 0.40cvss 6.1epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via vectors related to permalinks, aka Bug ID CSCux92033.
- risk 0.35cvss 5.3epss 0.01
Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext…
- risk 0.35cvss 5.4epss 0.01
The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085.
- CVE-2024-20404Jun 5, 2024risk 0.06cvss —epss 0.23
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that…
- CVE-2011-3315Oct 27, 2011risk 0.05cvss —epss 0.26
Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response…
- CVE-2020-3280May 22, 2020risk 0.01cvss —epss 0.07
A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insecure deserialization of user-supplied…
- CVE-2026-20117Mar 11, 2026risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability exists because the…
- CVE-2026-20116Mar 11, 2026risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise (Packaged CCE), Cisco Unified Contact Center Enterprise (Unified CCE), Cisco Unified Contact Center Express (Unified CCX), and Cisco Unified Intelligence Center…
- CVE-2025-20375Nov 5, 2025risk 0.00cvss —epss 0.00
A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this…
- CVE-2025-20376Nov 5, 2025risk 0.00cvss —epss 0.00
A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to file upload mechanisms. An attacker could exploit this…
- CVE-2025-20374Nov 5, 2025risk 0.00cvss —epss 0.01
A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to perform a directory traversal and access arbitrary resources. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker…
Page 1 of 3