1332 matches found
Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability (cisco-sa-20150916-pcp)
According to its self-reported version number, the Cisco Prime Collaboration Provisioning device is a version prior to 11.0.0.650. It is, therefore, affected by a security bypass vulnerability in the web framework due to improper implementation of authorization and access controls. An...
Cisco Prime Collaboration Assurance Multiple Vulnerabilities (cisco-sa-20100217-csa)
According to its self-reported version number, the remote Cisco Prime Collaboration Assurance device is prior to 10.5.1.53684 or is in the 10.6 release branch. It is, therefore, affected by the following vulnerabilities: - A security bypass vulnerability exists in the web framework due to improp...
Vulnerability in Cisco Prime Collaboration Assurance
Cisco Prime Collaboration Assurance is a set of enterprise collaboration network management solutions from the U.S. company Cisco. A security vulnerability exists in the Web framework of Cisco Prime Collaboration Assurance. A remote attacker could exploit the vulnerability by sending a...
Cisco Prime Collaboration Provisioning Access Control Bypass Vulnerability
Cisco Prime Collaboration Provisioning is a set of Web-based next-generation communications services solutions from the U.S. company Cisco. A security vulnerability exists in the Web framework of Cisco Prime Collaboration Assurance. A remote attacker could exploit the vulnerability b...
CVE-2015-4307
The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, aka Bug ID CSCut64111...
CVE-2015-4306
The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka...
Code injection
The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka...
Design/Logic Flaw
The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains, via a crafted URL, aka Bug ID CSCus62656...
CVE-2015-4304
The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended access restrictions, and create administrative accounts or read data from arbitrary tenant domains, via a crafted URL, aka Bug IDs CSCus62671 and CSCus62652...
CVE-2015-4305
The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains, via a crafted URL, aka Bug ID CSCus62656...
CVE-2015-4305
Cisco Prime Collaboration Assurance before 10.5.1.53684-1 contains an information-disclosure vulnerability in the web framework where authenticated, remote attackers can bypass read restrictions via a crafted URL to obtain credentials and SNMP community strings for devices imported into the syste...
CVE-2015-4307
CVE-2015-4307 affects Cisco Prime Collaboration Provisioning Web Framework prior to 11.0. An authenticated, remote attacker can bypass access controls via a crafted URL and create administrative accounts (Bug CSCut64111). The issue enables access to higher-privileged functions that should be rest...
CVE-2015-4306
Cisco Prime Collaboration Assurance web framework before 10.5.1.53684-1 is vulnerable to a session-ID-based escalation where remote authenticated users can bypass login restrictions and impersonate administrators for arbitrary tenant domains via crafted URLs (CVE-2015-4306; related CVEs 4304/4305...
CVE-2015-4304
CVE-2015-4304 — Cisco Prime Collaboration Assurance: The web framework before 10.5.1.53684-1 contains an authorization/access control flaw that allows an authenticated remote attacker to bypass restrictions via a crafted URL. This can en...
Cisco Prime Collaboration Assurance Information Disclosure Vulnerability
A vulnerability in the web framework of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to access information about any device imported into the system database. The vulnerability is due to improper implementation of authorization and access controls. An attacker...
Multiple Vulnerabilities in Cisco Prime Collaboration Assurance
Cisco Prime Collaboration Assurance Software contains the following vulnerabilities: Cisco Prime Collaboration Assurance Web Framework Access Controls Bypass Vulnerability; Cisco Prime Collaboration Assurance Information Disclosure Vulnerability; Cisco Prime Collaboration Assurance Session ID...
python-django: Denial-of-service possibility in logout() view by filling session store
It was found that certain Django functions would, in certain circumstances, create empty sessions. A remote attacker could use this flaw to fill up the session store or cause other users' session records to be evicted by requesting a large number of new sessions...
Moderate: Red Hat Security Advisory: python-django security update
Updated python-django packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores...