Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack and obtain potentially confidential information by leveraging a flaw in the authentication mechanism. For more information about these vulnerabilities, see the Details section of this advisory.
References
Link | Resource |
---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multi-vuln-finesse-qp6gbUO2 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
20 Jan 2021, 16:45
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:cisco:finesse:12.5\(1\):es3:*:*:*:*:*:* cpe:2.3:a:cisco:finesse:12.0\(1\):-:*:*:*:*:*:* cpe:2.3:a:cisco:finesse:12.5\(1\):-:*:*:*:*:*:* cpe:2.3:a:cisco:finesse:12.0\(1\):es5:*:*:*:*:*:* cpe:2.3:a:cisco:finesse:12.5\(1\):es4:*:*:*:*:*:* cpe:2.3:a:cisco:finesse:12.0\(1\):es4:*:*:*:*:*:* cpe:2.3:a:cisco:finesse:12.5\(1\):es2:*:*:*:*:*:* cpe:2.3:a:cisco:finesse:12.0\(1\):es1:*:*:*:*:*:* cpe:2.3:a:cisco:finesse:12.0\(1\):es3:*:*:*:*:*:* cpe:2.3:a:cisco:finesse:12.5\(1\):es1:*:*:*:*:*:* cpe:2.3:a:cisco:finesse:12.0\(1\):es2:*:*:*:*:*:* cpe:2.3:a:cisco:finesse:*:*:*:*:*:*:*:* |
|
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
References | (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multi-vuln-finesse-qp6gbUO2 - Vendor Advisory |
13 Jan 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-13 22:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-1246
Mitre link : CVE-2021-1246
CVE.ORG link : CVE-2021-1246
JSON object : View
Products Affected
cisco
- finesse