CNNVD-202511-397 Information
CNNVD ID
CNNVD-202511-397
Related CVE
- CNNVD Published: 2025-11-05
Description (Chinese)
Cisco Unified Intelligence Center等都是美国思科(Cisco)公司的产品。Cisco Unified Intelligence Center是一套基于Web的报表平台。Cisco Unified Contact Center Express(Unified CCX)是一款统一通信解决方案中的客户关系管理组件。Cisco Unified Contact Center Enterprise是一个统一联络中心。 Cisco多款产品存在信息泄露漏洞,该漏洞源于对某些API端点请求验证不当,可能导致低权限用户查看受限敏感信息。以下产品受到影响:Cisco Packaged Contact Center Enterprise、Cisco Unified Contact Center Enterprise、Cisco Unified Contact Center Express、Cisco Unified Intelligence Center。
Description (English)
Cisco United Information Center and others are all Cisco products. Cisco United Information Center is a Web-based reporting platform. Cisco Unified Contact Center Express (Unified CCX) is a customer relationship management component of a unified communications solution. Cisco Unified Contact Center Enterprise is a unified focal point. There is an information leakage loophole in the Cisco multi-products, which results from inappropriate validation of certain API endpoint requests and may result in low-licensed users viewing restricted sensitive information. The following products were affected: Cisco Packaged Contact Center Enterprise, Cisco United Contractor Enterprise, Cisco United Contact Center Express, Cisco United Industry Center.
Hazard Level
High
Vulnerability Type
信息泄露
Affected Vendor
思科
Published
2025-11-05
Last Modified
2026-02-24
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-mult-vuln-gK4TFXSn https://access.redhat.com/security/cve/cve-2025-20377