unified_contact_center_management_portal Details

CVE-2024-20540

Assigner-Cisco Systems, Inc.

View Details

Assigner-Cisco Systems, Inc.

CVSS Score-5.4||MEDIUM

EPSS-0.07% / 22.81%

||

7 Day CHG~0.00%

Published-06 Nov, 2024 | 16:32

Updated-07 Aug, 2025 | 19:04

Cisco Unified Contact Center Management Portal Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into a specific page of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. To exploit this vulnerability, the attacker must have at least a Supervisor role on an affected device.

Vendor-Cisco Systems, Inc.

Product-unified_contact_center_management_portal Cisco Unified Contact Center Management Portal

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-20512

Assigner-Cisco Systems, Inc.

View Details

Assigner-Cisco Systems, Inc.

CVSS Score-6.1||MEDIUM

EPSS-0.13% / 32.59%

||

7 Day CHG~0.00%

Published-16 Oct, 2024 | 16:17

Updated-04 Aug, 2025 | 17:02

Cisco Unified Contact Center Management Portal Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

Vendor-Cisco Systems, Inc.

Product-unified_contact_center_management_portal Cisco Unified Contact Center Management Portal

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-44487

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-94.41% / 99.98%

||

7 Day CHG-0.06%

Published-10 Oct, 2023 | 00:00

Updated-30 Jul, 2025 | 01:37

Known KEV||Action Due Date - 2023-10-31||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Product-nexus_9516 openshift_serverless cbl-mariner nexus_34180yc nexus_3132c-z big-ip_ddos_hybrid_defender nexus_3132q-xl proxygen armeria nexus_3132q-x\/3132q-xl unified_contact_center_enterprise_-_live_data_server nexus_9336pq_aci_spine integration_service_registry nexus_9236c_switch windows_11_22h2 migration_toolkit_for_containers nexus_9396px .net nexus_31108pc-v nexus_9336c-fx2 nexus_9396tx_switch openshift nginx_ingress_controller nexus_9236c advanced_cluster_security kong_gateway nexus_93108tc-ex-24 secure_web_appliance windows_server_2016 windows_server_2019 openshift_container_platform_assisted_installer big-ip_next_service_proxy_for_kubernetes nexus_3500 integration_camel_k nexus_9396tx nexus_9372tx nexus_93216tc-fx2 apisix nginx_plus nexus_9800 linkerd support_for_spring_boot nexus_3132q-x node_healthcheck_operator 3scale_api_management_platform nexus_9500 nexus_93120tx nexus_3264c-e nexus_9500_4-slot openstack_platform telepresence_video_communication_server nexus_36180yc-r tomcat nexus_3132q nexus_3172tq-32t openshift_distributed_tracing nexus_9348gc-fxp big-ip_next enterprise_chat_and_email big-ip_global_traffic_manager big-ip_fraud_protection_service unified_contact_center_enterprise contour openshift_container_platform nexus_3100-v secure_malware_analytics nexus_92160yc_switch nexus_34200yc-sm nexus_9348d-gx2a nexus_9364c-gx migration_toolkit_for_virtualization nexus_3100-z fog_director nexus_9804 nexus_3432d-s ultra_cloud_core_-_session_management_function nexus_3524 swiftnio_http\/2 nexus_3400 cryostat nexus_31108pv-v nexus_9372tx_switch nexus_3172tq big-ip_advanced_web_application_firewall jboss_fuse nexus_3172pq-xl fedora nexus_9272q openshift_developer_tools_and_services nexus_9500r decision_manager nexus_9500_supervisor_b\+nexus_3548-x\/xl nexus_9232e nexus_92348gc-x unified_attendant_console_advanced openshift_sandboxed_containers ultra_cloud_core_-_serving_gateway_function nexus_9332d-h2r nexus_93128 nexus_3548-x nexus_9200yc nexus_3064t big-ip_policy_enforcement_manager nexus_93108tc-ex logging_subsystem_for_red_hat_openshift asp.net_core big-ip_local_traffic_manager nexus_93360yc-fx2 big-ip_webaccelerator nexus_3132q-v nexus_9336c-fx2-e solr caddy istio unified_contact_center_management_portal nexus_9332c nexus_9200 nexus_9516_switch nexus_3548 nexus_3172pq\/pq-xl nexus_3048 secure_dynamic_attributes_connector nexus_93600cd-gx nexus_9372px_switch nexus_3164q azure_kubernetes_service openshift_secondary_scheduler_operator nexus_9500_8-slot nexus_9508 openshift_virtualization prime_cable_provisioning nexus_9364c opensearch_data_prepper nexus_93128tx_switch http windows_10_21h2 firepower_threat_defense single_sign-on nexus_9221c go build_of_optaplanner prime_access_registrar networking nexus_9500_16-slot nexus_3232c nexus_93108tc-fx varnish_cache nexus_9504 jboss_enterprise_application_platform windows_10_1607 nexus_92304qc integration_camel_for_spring_boot run_once_duration_override_operator nexus_9716d-gx nexus_9000v nexus_3016 windows_11_21h2 openshift_pipelines nexus_9408 visual_studio_2022 nexus_9336pq_aci nexus_93180yc-fx3 debian_linux nx-os ceph_storage nexus_9316d-gx nginx nexus_93180tc-ex advanced_cluster_management_for_kubernetes prime_network_registrar nexus_3408-s traefik nexus_3064x nexus_9336pq_aci_spine_switch nexus_9372px unified_contact_center_domain_manager netty nexus_3264q nexus_3100v nexus_9372tx-e_switch nexus_93108tc-ex_switch traffic_server jboss_core_services nexus_9300 jboss_a-mq jboss_a-mq_streams nexus_3100 nexus_93240tc-fx2 machine_deletion_remediation_operator big-ip_application_security_manager build_of_quarkus nexus_93180yc-ex_switch nexus_9372tx-e node_maintenance_operator nexus_93180yc-ex-24 nexus_3064 openshift_dev_spaces nexus_9504_switch web_terminal nexus_9736pq self_node_remediation_operator certification_for_red_hat_enterprise_linux nexus_3172pq nexus_93128tx iot_field_network_director nexus_3636c-r nexus_3064-t nexus_9372px-e http2 nexus_92300yc_switch nexus_9364d-gx2a service_interconnect nexus_93180yc-fx ios_xe openresty nexus_31128pq openshift_service_mesh big-ip_analytics openshift_data_science big-ip_application_acceleration_manager nexus_9336pq network_observability_operator big-ip_link_controller nexus_9372px-e_switch nexus_9332pq_switch nexus_9500_supervisor_b http_server nexus_93180yc-fx-24 windows_10_22h2 node.js nexus_3600 nexus_93180lc-ex nexus_9636pq service_telemetry_framework big-ip_application_visibility_and_reporting migration_toolkit_for_applications nexus_9808 nexus_93108tc-fx-24 nexus_92160yc-x nexus_31108tc-v nexus_3200 nexus_9332d-gx2b crosswork_situation_manager nexus_3064-x nghttp2 nexus_93180yc-fx3s big-ip_websafe nexus_3464c nexus_93180yc-ex nexus_3172 nexus_9536pq astra_control_center nexus_9396px_switch nexus_92300yc openshift_api_for_data_protection h2o jetty nexus_9500_supervisor_a nexus_9500_supervisor_a\+nexus_9272q_switch satellite nexus_93180yc-fx3h process_automation data_center_network_manager ansible_automation_platform cost_management secure_web_appliance_firmware jboss_data_grid nexus_9508_switch nexus_3064-32t cert-manager_operator_for_red_hat_openshift oncommand_insight nexus_93240yc-fx2 ios_xr nexus_93180lc-ex_switch fence_agents_remediation_operator crosswork_zero_touch_provisioning nexus_3232c_ultra_cloud_core_-_policy_control_function big-ip_carrier-grade_nat nexus_3172tq-xl nexus_3524-x expressway grpc business_process_automation nexus_93108tc-fx3h nexus_92304qc_switch windows_10_1809 enterprise_linux envoy quay crosswork_data_gateway nexus_93108tc-fx3p big-ip_domain_name_system nexus_3548-xl nexus_93120tx_switch nexus_9432pq openshift_gitops nexus_3524-xl nexus_3232 nexus_9332pq nexus_3524-x\/xl big-ip_advanced_firewall_manager prime_infrastructure nexus_3016q jenkins big-ip_ssl_orchestrator nexus_9348gc-fx3 big-ip_access_policy_manager windows_server_2022 connected_mobile_experiences n/a http HTTP/2

CWE ID-CWE-400

Uncontrolled Resource Consumption

CVE-2022-20658

Assigner-Cisco Systems, Inc.

View Details

Assigner-Cisco Systems, Inc.

CVSS Score-9.6||CRITICAL

EPSS-0.26% / 49.63%

||

7 Day CHG~0.00%

Published-14 Jan, 2022 | 05:01

Updated-06 Nov, 2024 | 16:33

Cisco Unified Contact Center Management Portal and Unified Contact Center Domain Manager Privilege Escalation Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges to Administrator. This vulnerability is due to the lack of server-side validation of user permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to a vulnerable system. A successful exploit could allow the attacker to create Administrator accounts. With these accounts, the attacker could access and modify telephony and user resources across all the Unified platforms that are associated to the vulnerable Cisco Unified CCMP. To successfully exploit this vulnerability, an attacker would need valid Advanced User credentials.

Vendor-Cisco Systems, Inc.

Product-unified_contact_center_express unified_contact_center_management_portal Cisco Unified Contact Center Domain Manager

CWE ID-CWE-602

Client-Side Enforcement of Server-Side Security

CWE ID-CWE-669

Incorrect Resource Transfer Between Spheres

CVE-2021-44228

Assigner-Apache Software Foundation

View Details

Assigner-Apache Software Foundation

CVSS Score-10||CRITICAL

EPSS-94.36% / 99.96%

||

7 Day CHG~0.00%

Published-10 Dec, 2021 | 00:00

Updated-08 Aug, 2025 | 18:52

Known KEV||Action Due Date - 2021-12-24||For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available.

Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Vendor-snowsoftware percussion Intel Corporation Apple Inc.NetApp, Inc.Bentley Systems, Incorporated Siemens AG SonicWall Inc.Cisco Systems, Inc.Fedora Project Debian GNU/Linux The Apache Software Foundation

Product-common_services_platform_collector solidfire_enterprise_sds oncommand_insight datacenter_manager active_iq_unified_manager operation_scheduler connected_analytics_for_network_deployment industrial_edge_management_hub snapcenter integrated_management_controller_supervisor firepower_1150 iot_operations_dashboard wan_automation_engine firepower_2140 system_studio virtualized_voice_browser firepower_2110 dna_center solid_edge_cam_pro 6bk1602-0aa42-0tp0 energyip comos secure_device_onboard firepower_4120 sppa-t3000_ses3000_firmware siveillance_viewpoint firepower_1120 genomics_kernel_library contact_center_domain_manager crosswork_data_gateway xpedition_package_integrator network_dashboard_fabric_controller 6bk1602-0aa22-0tp0_firmware cloud_secure_agent nexus_insights 6bk1602-0aa22-0tp0 firepower_1010 6bk1602-0aa32-0tp0 email_security unified_contact_center_management_portal opcenter_intelligence xcode dna_spaces_connector finesse solidfire_\&_hci_storage_node packaged_contact_center_enterprise unified_sip_proxy cloudcenter_suite ucs_director energy_engage fxos customer_experience_cloud_agent paging_server logo\!_soft_comfort firepower_2130 siveillance_control_pro spectrum_power_7 cloud_manager network_insights_for_data_center synchro_4d 6bk1602-0aa52-0tp0 solid_edge_harness_design fog_director network_assurance_engine firepower_4115 nexus_dashboard smart_phy business_process_automation 6bk1602-0aa42-0tp0_firmware broadworks firepower_4140 emergency_responder ucs_central computer_vision_annotation_tool video_surveillance_manager connected_mobile_experiences synchro head-end_system_universal_device_integration_system sentron_powermanager fedora cloudcenter_cost_optimizer 6bk1602-0aa12-0tp0_firmware spectrum_power_4 cloudcenter vm_access_proxy cloudcenter_suite_admin oneapi_sample_browser 6bk1602-0aa52-0tp0_firmware firepower_4150 virtual_topology_system firepower_9300 prime_service_catalog brocade_san_navigator enterprise_chat_and_email cloud_connect firepower_4145 teamcenter unified_customer_voice_portal cloud_insights rhythmyx firepower_1140 sipass_integrated siveillance_vantage intersight_virtual_appliance sd-wan_vmanage ucs_central_software contact_center_management_portal webex_meetings_server unified_intelligence_center unified_workforce_optimization energyip_prepay crosswork_zero_touch_provisioning cx_cloud_agent 6bk1602-0aa12-0tp0 unity_connection cloudcenter_workload_manager optical_network_controller virtualized_infrastructure_manager video_surveillance_operations_manager 6bk1602-0aa32-0tp0_firmware unified_communications_manager advanced_malware_protection_virtual_private_cloud_appliance identity_services_engine snow_commander cyber_vision_sensor_management_extension firepower_4112 unified_contact_center_enterprise debian_linux unified_computing_system unified_contact_center_express xpedition_enterprise log4j desigo_cc_advanced_reports ontap_tools unified_communications_manager_im_and_presence_service firepower_2120 mobility_services_engine crosswork_network_automation dna_spaces vesys automated_subsea_tuning cyber_vision siveillance_command evolved_programmable_network_manager dna_spaces\firepower_4110 mendix firepower_4125 sppa-t3000_ses3000 unified_communications_manager_im_\&_presence_service e-car_operation_center nx industrial_edge_management workload_optimization_manager firepower_threat_defense navigator capital crosswork_platform_infrastructure network_services_orchestrator data_center_network_manager crosswork_optimization_engine mindsphere siguard_dsa gma-manager desigo_cc_info_center crosswork_network_controller siveillance_identity Apache Log4j2 Log4j2

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-400

Uncontrolled Resource Consumption

CWE ID-CWE-502

Deserialization of Untrusted Data

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

N/A

Source -

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -