CX Component Vulnerability Report - Template

This vulnerability report of the CX components is scanned with Trivy Version 2 and published on 20 Jun 2025

ActiveMQ

There is 1 HIGH severity vulnerability in the report, and even though that dependency’s fix version is available but latest patch version of stable release of ActiveMQ, which is 6.1.6, does not contain it.

Scan Report

Component	Engine	Low	Medium	High	Critical	Report
Active MQ	Trivy	1	3	1	0	activemq_trivy_report.txt

Agent Desk

Scan Report

Component	Engine	Low	Medium	High	Critical	Report
Agent desk	Trivy	0	0	0	0	unified-agent.4.9.3.json

Campaigns

The critical and high severity vulnerabilities in extended dependencies do not have a fix available currently.

Scan Report

Component	Engine	Low	Medium	High	Critical	Report
campaigns	Trivy	60	12	8	1	campaigns.json
conversation-studio	Trivy	113	23	10	1	conversation-studio.json
campaign-scheduler	Trivy	1	0	0	0	campaign-scheduler_4.9.2.json

Channels

Scan Report

Component	Engine	Low	Report
360-connector	Trivy	1	360-connector.json
facebook-connector	Trivy	1	facebook-connector_4.9.2.json
instagram-connector	Trivy	1	instagram-connector_4.9.2.json
hc_smpp_connector	Trivy	1	hc_smpp_connector_4.9.2.json
telegram-connector	Trivy	2	telegram-connector_trivy_report.txt
twilio-connector	Trivy	2	twilio-connector_trivy_report.txt
twitter-connector	Trivy	1	twitter-connector_4.9.2.json
viber-connector	Trivy	1	viber-connector_4.9.2.json
email-connector	Trivy	1	email-connector_4.9.2.json
whatsapp-connector	Trivy	1	whatsapp-connector_4.9.2.json
ms-exchange	Trivy	1	ms-exchange-email-connector_4.9.3.json
youtube-connector	Trivy	1	youtube-connector_4.9.2.json
linkedinconnector	Trivy	2	linkedin-connecter_trivy_report.txt

Core

Scan Report

Component	Engine	Low	Medium	High	Report
agent-manager	Trivy	3	11	1	agent-manager_4.9.3.json
bot-framework	Trivy	1	3	0	bot-framework_4.9.2.json
customer-channel-manager	Trivy	1	3	0	customer-channel-manager_4.9.2.json
cim-backend	Trivy	3	9	5	cim-backend_4.9.json
conversation-manager	Trivy	1	3	0	conversation-manager_4.9.2.json
conversation-monitor	Trivy	1	3	0	conversation-monitor_4.9.2.json
customer-widget	Trivy	0	0	0	customer-widget_4.9.3.json
file-engine	Trivy	0	2	4	file-engine_4.9.json
historical-reports-manager	Trivy	1	0	0	historical-reports-manager_4.9.2.json
license-manager	Trivy	1	0	0	license-manager_4.9.2.json
realtime-reports-manager	Trivy	1	0	0	realtime-reports-manager_4.9.2.json
media-routing-engine	Trivy	2	7	0	media-routing-engine_4.9.2.json
state-events-logger	Trivy	1	0	0	state-events-logger_4.9.2.json
team-announcement	Trivy	13	12	8	team-announcement_4.7.json
unified-admin	Trivy	3	14	5	unified-admin_4.9.3.json
web-channel-manager	Trivy	3	14	3	web-channel-manager_4.9.3.json
business-calendar	Trivy	2	0	0	business-calendar_trivy_report.txt

Eleveo Middelware

Scan Report

Component	Engine	Low	Medium	High	Critical	Report
recording-link-activities	Trivy	20	115	67	2	recording-middleware_4.8.json

QM

Scan Report

Component	Engine	Low	Medium	High	Critical	Report
qm-connector	Trivy	2	28	54	7	qm-connector_4.8.json
qm-backend	Trivy	1350	4337	1126	22	qm-backend_4.8.json

Reporting

As the Reporting vulnerabilities cannot be fixed due to the end of life of the third-party tool used for CX Reporting, and no further support or updates are available. The team is working on moving all the jobs to the new Data Platform.

Scan Report

Component	Engine	Low	Medium	High	Critical	Report
reporting-connector	Trivy	0	6	3	3	reporting-connector_4.8.json

Surveys

The critical and high severity vulnerabilities in extended dependencies do not have a fix available currently.

Scan Report

Component	Engine	Low	Medium	High	Critical	Report
survey-backend	Trivy	59	12	8	1	survey-backend.json
survey-nodes	Trivy	113	23	11	1	survey-node.json

Expertflow ETL

The critical and high severity vulnerabilities in extended dependencies do not have a fix available currently.

Scan Report

Component

Engine

Low

Medium

High

Critical

Report

cx-data-platform

Trivy

169

75

28

3

cx-data.json