Preview Tool

Cisco Bug: CSCvs52916 - Finesse OpenSocial Gadget Editor (http://<Finesse FQDN>/editor) opens without username & password

Last Modified

Sep 25, 2020

Products (1)

  • Cisco Finesse

Known Affected Releases

11.6(1)ES11 12.0(1)ES2

Description (partial)

Finesse OpenSocial Gadget Editor URL (http://<Finesse FQDN>/editor or https://<Finesse FQDN>/editor) is accessible without username and password. 
This is a potential risk according to the customers as it is unsafe because and anyone can pass XML input and exploit the system.
Access to this URL should at least be password protected

Finesse editor URL (http://<Finesse FQDN>/editor) is accessible without username & password
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.