CVE-2019-15983
CVE-2019-15983 is an XML External Entity (XXE) reading vulnerability in Cisco Data Center Network Manager (DCNM) SOAP API. The issue arises when the SOAP API parses certain XML files, allowing an authenticated user with administrative privileges to exploit XXE and read arbitrary files from the de...
CVE-2019-15984 Cisco Data Center Network Manager SQL Injection Vulnerabilities
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DC...
CVE-2019-15985
CVE-2019-15985 corresponds to multiple SQL injection vulnerabilities in Cisco Data Center Network Manager (DCNM) REST and SOAP APIs. Affected versions are DCNM prior to 11.3(1). An authenticated, remote attacker with administrative privileges can exploit insufficient input validation to execute a...
CVE-2019-15985 Cisco Data Center Network Manager SQL Injection Vulnerabilities
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DC...
Cisco Data Center Network Manager XML External Entity Read Access Vulnerability
Cisco Data Center Network Manager (DCNM) is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. An XML external entity read access vulnerability exists in the SOAP API of Cisco...
Cisco Data Center Network Manager SOAP API SQL Injection Vulnerability
Cisco Data Center Network Manager (DCNM) is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. A SOAP API SQL injection vulnerability exists in Cisco Data Center Network Manager...
Cisco Data Center Network Manager Command Injection Vulnerabilities
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS). For more information about...
Cisco Data Center Network Manager XML External Entity Read Access Vulnerability
A vulnerability in the SOAP API of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. To exploit this vulnerability, an attacker would need administrative privileges on the DCNM application...
Cisco Data Center Network Manager SQL Injection Vulnerabilities
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DC...
PT-2020-1391 · Cisco · Cisco Data Center Network Manager
Name of the Vulnerable Software and Affected Versions: Cisco Data Center Network Manager (DCNM) (affected versions not specified). Description: The issue concerns the authentication mechanisms of Cisco Data Center Network Manager (DCNM), where multiple vulnerabilities could allow an unauthenticated,...
Design/Logic Flaw
The SOAP API component vulnerability of TIBCO Software Inc.'s TIBCO JasperReports Server, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that may allow a malicious authenticated user to copy text files from the host operating system. Affected releases are TIBCO...
CVE-2019-8986
The SOAP API component vulnerability of TIBCO Software Inc.'s TIBCO JasperReports Server, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that may allow a malicious authenticated user to copy text files from the host operating system. Affected releases are TIBCO...
CVE-2019-8986
The CVE-2019-8986 entry concerns a vulnerability in the SOAP API component of TIBCO JasperReports Server and JasperReports Server for ActiveMatrix BPM. Affected releases include JasperReports Server up to 6.3.4, 6.4.0–6.4.3 and ActiveMatrix BPM variant up to 6.4.3. The issue may allow a malicious...
CVE-2019-8986 TIBCO JasperReports Server XML Entity Expansion Vulnerability
The SOAP API component vulnerability of TIBCO Software Inc.'s TIBCO JasperReports Server, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that may allow a malicious authenticated user to copy text files from the host operating system. Affected releases are TIBCO...
VMware ESXi Login Failed For Authenticated Checks
It was NOT possible to login into the ESXi SOAP API via HTTP using the provided VMware ESXi credentials. Hence authenticated checks are NOT enabled. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective...
SugarCRM portal_get_related_notes SQL Injection Vulnerability
SugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a remote SQL injection vulnerability. The vulnerability is located within the SOAP API, specifically in the "portal_get_related_notes" SOAP function. User input passed through the "orderby" parameter is not properly sanitized before being...
SugarCRM portal_get_related_notes SQL Injection
SugarCRM portal_get_related_notes SQL Injection Vulnerability - Software Link: http://www.sugarcrm.com - Affected Versions: All versions prior to 7.9.4.0 and 7.11.0.0. -...
CVE-2018-10627
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This...
Code injection
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This...