VYPR

Unified Intelligence Center

by Cisco Systems, Inc.

CVEs (25)

  • CVE-2017-12337CriNov 16, 2017
    risk 0.64cvss 9.8epss 0.06

    A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a…

  • CVE-2017-12253HigSep 21, 2017
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the…

  • CVE-2016-6427HigOct 6, 2016
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036…

  • CVE-2016-6426HigOct 5, 2016
    risk 0.49cvss 7.5epss 0.01

    The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs…

  • CVE-2017-12254MedSep 21, 2017
    risk 0.40cvss 6.1epss 0.02

    A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. The vulnerability is due to insufficient input validation of some parameters…

  • CVE-2017-12248MedSep 21, 2017
    risk 0.40cvss 6.1epss 0.02

    A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to…

  • CVE-2017-6789MedSep 7, 2017
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client-side cross-site scripting (XSS) attack. The…

  • CVE-2016-6425MedOct 6, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020…

  • CVE-2025-20377MedNov 5, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certain API endpoints. An attacker…

  • CVE-2025-20288Jul 16, 2025
    risk 0.00cvss epss 0.00

    A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation…

  • CVE-2025-20274Jul 16, 2025
    risk 0.00cvss epss 0.00

    A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation of files that are uploaded to the…

  • CVE-2025-20278Jun 4, 2025
    risk 0.00cvss epss 0.00

    A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation…

  • CVE-2025-20113May 21, 2025
    risk 0.00cvss epss 0.00

    A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. This vulnerability is due to insufficient server-side validation of user-supplied…

  • CVE-2025-20114May 21, 2025
    risk 0.00cvss epss 0.00

    A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API…

  • CVE-2024-20325Feb 21, 2024
    risk 0.00cvss epss 0.00

    A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access…

  • CVE-2023-20062Mar 3, 2023
    risk 0.00cvss epss 0.01

    Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these…

  • CVE-2023-20061Mar 3, 2023
    risk 0.00cvss epss 0.01

    Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these…

  • CVE-2023-20058Jan 19, 2023
    risk 0.00cvss epss 0.00

    A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based…

  • CVE-2021-1395Jun 16, 2021
    risk 0.00cvss epss 0.01

    A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management…

  • CVE-2021-1463Apr 8, 2021
    risk 0.00cvss epss 0.01

    A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based…

Page 1 of 2