Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cisco Finesse 服务器端请求伪造漏洞
Vulnerability Description
Cisco Finesse是美国思科(Cisco)公司的一套呼叫中心管理软件。该软件可提升呼叫中心服务质量、改善客户体验、提高客服代表满意度。 Cisco Finesse的gadgets-integration API中存在服务器端请求伪造漏洞,该漏洞源于程序没有充分限制gadgets集成的API访问。远程攻击者可通过发送特制的HTTP请求利用该漏洞实施服务器端请求伪造攻击。以下版本受到影响:Cisco Finesse 8.5(1)版本至8.5(5)版本,8.6(1)版本,9.0(1)版本,9.0(2)版
CVSS Information
N/A
Vulnerability Type
N/A