CX Component Vulnerability Report for CX4.9.5

This vulnerability report of the CX components is scanned with Trivy Version 2 and published on 20 Jun 2025

ActiveMQ

There is 1 HIGH severity vulnerability in the report, and even though the dependency’s fix version is available, but latest patch version of the stable release of ActiveMQ, which is 6.1.6, does not contain it.

Scan Report

Component	Engine	Low	Medium	High	Critical	Report
Active MQ	Trivy	0	3	0	0	amq.json

Agent Desk

Scan Report

Component	Engine	Low	Medium	High	Critical	Report
Agent desk	Trivy	0	0	0	0	agen_desk.json

Campaigns

The critical and high severity vulnerabilities in extended dependencies do not have a fix available currently.

Scan Report

Component	Engine	Low	Medium	High	Critical	Report
campaigns	Trivy	61	19	8	2	campaigns.json
conversation-studio	Trivy	116	32	18	2	conversation-studio.json
campaign-scheduler	Trivy	0	1	0	0	campaign-scheduler.json

Channels

Scan Report

Component	Engine	Low	Medium	High	Report
360-connector	Trivy	0	2	0	360.json
facebook-connector	Trivy	0	2	0	facebook-connector.json
instagram-connector	Trivy	0	2	0	instagram-connector.json
hc_smpp_connector	Trivy	0	2	0	hcsmpp.json
telegram-connector	Trivy	0	2	0	telegram-connector.json
twilio-connector	Trivy	0	2	0	twilio-connector.json
twitter-connector	Trivy	0	2	0	twitter-connector.json
viber-connector	Trivy	0	2	0	viber-connector.json
email-connector	Trivy	0	2	0	email-connector.json
whatsapp-connector	Trivy	0	2	0	whatsapp-connector.json
ms-exchange	Trivy	0	2	0	ms-exchange-email-connector.json
youtube-connector	Trivy	0	2	0	youtube-connector.json
linkedinconnector	Trivy	2	4	2	linkedin.json

Core

Scan Report

Component	Engine	Low	Medium	High	Critical	Report
agent-manager	Trivy	4	3	1	3	agent-manager.json
bot-framework	Trivy	0	3	4	0	bot-framework.json
customer-channel-manager	Trivy	0	1	1	0	customer-channel-manager.json
cim-backend	Trivy	2	0	1	1	cim-backend.json
conversation-manager	Trivy	0	3	4	0	conversation-manager.json
conversation-monitor	Trivy	0	3	4	0	conversation-monitor.json
customer-widget	Trivy	0	0	0	0	customer-widget.json
file-engine	Trivy	2	3	1	2	file-engine.json
historical-reports-manager	Trivy	0	2	0	0	historical-reports-manager.json
license-manager	Trivy	0	1	0	0	license-manager.json
realtime-reports-manager	Trivy	0	2	0	0	realtime-reports-manager.json
media-routing-engine	Trivy	0	2	4	0	media-routing-engine.json
state-events-logger	Trivy	0	2	0	0	state-events-logger.json
team-announcement	Trivy	4	3	1	2	team-announcement.json
unified-admin	Trivy	0	0	0	0	unified-admin.json
web-channel-manager	Trivy	5	5	1	2	web-channel-manager.json
business-calendar	Trivy	0	2	0	0	business-calendar.json

Eleveo Middleware

Scan Report

Component

Engine

Low

Medium

High

Critical

Report

recording-link-activities

Trivy

3

16

42

6

recording-link-activities_4.8.json

Reporting

The Reporting vulnerabilities cannot be fixed due to the end of life of the third-party tool used for CX Reporting, and no further support or updates are available. The team is working on moving all the jobs to the new Data Platform.

Scan Report

Component	Engine	Low	Medium	High	Critical	Report
reporting-connector	Trivy	0	6	3	3	reporting-con.json

Surveys

The critical and high severity vulnerabilities in extended dependencies do not have a fix available currently.

Scan Report

Component	Engine	Low	Medium	High	Critical	Report
survey-backend	Trivy	59	19	8	2	survey-backend.json
survey-nodes	Trivy	116	32	18	2	survey-nodes.json

Expertflow ETL

The critical and high severity vulnerabilities in extended dependencies do not have a fix available currently.

Scan Report

Component	Engine	Low	Medium	High	Critical	Report
cx-data-platform	Trivy	169	88	30	5	cx-data-platform.json