09-23-2021 12:20 PM
Hey folks. Our latest security scan has identified a problem with the following files under the web directory on our UCCX server. Can someone tell me if these files are required to be on the system, or are they only required for the installation? Our support vendor is insisting that they're required for the operation of UCCX;
09-23-2021 12:52 PM - edited 09-23-2021 01:00 PM
They’re absolutely needed for operation. Either way, you would not actually be able to remove these files, as the different UIs you have access to do not have access to the OS shell as such. CVOS, as the OS is known, is a locked-down version of RHEL or CentOS.
09-24-2021 11:34 AM
Any thoughts on that Cross-Frame Scripting vulnerability on that same server?
Cisco Unified CCX Administration
System version: 12.0.1.10000-24
That version is a supported version, isn't it? For various reasons we are stuck at this build for a few months at least due to an integrated solution limitation. Instead of having vulnerability scanners howling at us until we upgrade, I would hope a patch would be available to correct what is really a minor config issue with Finesse website code.
09-28-2021 05:29 AM
Just to close the loop on the cross-frame scripting. I opened a case with PSIRT with simple iframe code showing the vulnerability and they pointed us towards an update to ES04. It resolved the issue in the version we are running.