Cisco Finesse
10 CVEs affecting Cisco Finesse. Latest disclosed: 2017-11-16. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-12337 | Critical | 9.8 | 2017-11-16 | A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthentic… |
CVE-2016-6442 | High | 8.8 | 2016-10-27 | A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery… |
CVE-2016-1373 | High | 8.6 | 2016-05-05 | The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1… |
CVE-2017-12288 | Medium | 6.1 | 2017-10-19 | A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cros… |
CVE-2017-6761 | Medium | 6.1 | 2017-08-07 | A vulnerability in the web-based management interface of Cisco Finesse 10.6(1) and 11.5(1) could allow an unauthenticated, remote attacker to conduct a cross-s… |
CVE-2015-4310 | | 2015-08-19 | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse 10.5(1) allow remote attackers to inject arbitrary web script or HTML via unspecified para… | |
CVE-2015-0754 | | 2015-05-29 | Cisco Finesse 10.5(1) allows remote authenticated users to obtain sensitive information or cause a denial of service (CPU and memory consumption) via a crafted… | |
CVE-2015-0714 | | 2015-05-02 | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary w… | |
CVE-2013-3457 | | 2013-08-12 | Absolute path traversal vulnerability in the web interface in Cisco Finesse allows remote attackers to read directory contents via a direct request to a direct… | |
CVE-2013-3455 | | 2013-08-12 | Cisco Finesse allows remote attackers to obtain sensitive information by sniffing the network for HTTP query data, aka Bug ID CSCug16732. |