Enterprise Chat And Email
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-44487 | Hig | 0.65 | 7.5 | 1.00 | KEV | Oct 10, 2023 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | |
| CVE-2025-20139 | Hig | 0.49 | 7.5 | 0.01 | Apr 2, 2025 | A vulnerability in chat messaging features of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input to chat entry points. An… | ||
| CVE-2024-20484 | Hig | 0.49 | 7.5 | 0.01 | Nov 6, 2024 | A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient… | ||
| CVE-2019-1877 | Med | 0.42 | 6.5 | 0.01 | Nov 5, 2019 | A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An… | ||
| CVE-2025-20310 | Med | 0.40 | 6.1 | 0.00 | Jul 2, 2025 | A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web UI does not properly… | ||
| CVE-2022-20632 | Med | 0.40 | 6.1 | 0.01 | Nov 15, 2024 | A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not… | ||
| CVE-2022-20631 | Med | 0.40 | 6.1 | 0.01 | Nov 15, 2024 | A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not… | ||
| CVE-2019-1870 | Med | 0.40 | 6.1 | 0.01 | Jun 5, 2019 | A vulnerability in the web-based management interface of Cisco Enterprise Chat and Email (ECE) Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The… | ||
| CVE-2019-1702 | Med | 0.40 | 6.1 | 0.01 | Mar 11, 2019 | Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The… | ||
| CVE-2022-20633 | Med | 0.35 | 5.3 | 0.01 | Nov 15, 2024 | A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to perform a username enumeration attack against an affected device. This vulnerability is due to differences in authentication responses that are sent back… | ||
| CVE-2024-20367 | Med | 0.35 | 5.4 | 0.00 | Apr 3, 2024 | A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web UI does not properly validate… | ||
| CVE-2022-20802 | Med | 0.35 | 5.4 | 0.01 | May 27, 2022 | A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input… | ||
| CVE-2022-20634 | Med | 0.31 | 4.7 | 0.01 | Nov 15, 2024 | A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to… |
- risk 0.65cvss 7.5epss 1.00
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
- risk 0.49cvss 7.5epss 0.01
A vulnerability in chat messaging features of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input to chat entry points. An…
- risk 0.49cvss 7.5epss 0.01
A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient…
- risk 0.42cvss 6.5epss 0.01
A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An…
- risk 0.40cvss 6.1epss 0.00
A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web UI does not properly…
- risk 0.40cvss 6.1epss 0.01
A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not…
- risk 0.40cvss 6.1epss 0.01
A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not…
- risk 0.40cvss 6.1epss 0.01
A vulnerability in the web-based management interface of Cisco Enterprise Chat and Email (ECE) Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The…
- risk 0.40cvss 6.1epss 0.01
Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The…
- risk 0.35cvss 5.3epss 0.01
A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to perform a username enumeration attack against an affected device. This vulnerability is due to differences in authentication responses that are sent back…
- risk 0.35cvss 5.4epss 0.00
A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web UI does not properly validate…
- risk 0.35cvss 5.4epss 0.01
A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input…
- risk 0.31cvss 4.7epss 0.01
A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to…