Cisco Cisco Unified Contact Center Express
36 CVEs affecting Cisco Cisco Unified Contact Center Express. Latest disclosed: 2026-03-11. Critical: 4, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-20253 | Critical | 9.9 | 2024-01-26 | A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbit… |
CVE-2025-20354 | Critical | 9.8 | 2025-11-05 | A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary fil… |
CVE-2020-3280 | Critical | 9.8 | 2020-05-22 | A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker t… |
CVE-2025-20358 | Critical | 9.4 | 2025-11-05 | A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentic… |
CVE-2024-20404 | High | 7.2 | 2024-06-05 | A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected… |
CVE-2019-1888 | High | 7.2 | 2020-09-23 | A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to uplo… |
CVE-2025-20113 | High | 7.1 | 2025-05-21 | A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of… |
CVE-2025-20375 | Medium | 6.5 | 2025-11-05 | A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability i… |
CVE-2025-20376 | Medium | 6.5 | 2025-11-05 | A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability i… |
CVE-2025-20274 | Medium | 6.3 | 2025-07-16 | A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary fi… |
CVE-2026-20117 | Medium | 6.1 | 2026-03-11 | A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to… |
CVE-2026-20116 | Medium | 6.1 | 2026-03-11 | A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise (Packaged CCE), Cisco Unified Contact Ce… |
CVE-2023-20058 | Medium | 6.1 | 2023-01-19 | A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflect… |
CVE-2021-1463 | Medium | 6.1 | 2021-04-08 | A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct… |
CVE-2019-15259 | Medium | 6.1 | 2019-10-02 | A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting a… |
CVE-2019-1670 | Medium | 6.1 | 2019-02-07 | A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct… |
CVE-2025-20278 | Medium | 6.0 | 2025-06-04 | A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the… |
CVE-2025-20288 | Medium | 5.8 | 2025-07-16 | A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-… |
CVE-2023-20096 | Medium | 5.4 | 2023-04-05 | A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to pe… |
CVE-2020-3267 | Medium | 5.4 | 2020-06-03 | A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availabi… |