Lucene search
K

1063 matches found

Cisco
Cisco
added 2016/02/24 4:0 p.m.55 views

Cisco ACE 4710 Application Control Engine Command Injection Vulnerability

A vulnerability in the Device Manager GUI of the Cisco ACE 4710 Application Control Engine could allow an authenticated, remote attacker to execute any command-line interface CLI command on the ACE with admin user privileges. The vulnerability is due to insufficient validation of user-supplied...

8.5CVSS9.1AI score0.02801EPSS
Exploits0References1
OSV
OSV
added 2016/02/07 11:59 a.m.4 views

CVE-2016-1301

The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1112 and Cisco Prime Security Manager PRSM software before 9.3.1.1112 allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842...

8.8CVSS5.9AI score0.02472EPSS
Exploits0References3
Cisco
Cisco
added 2016/02/03 4:0 p.m.47 views

Cisco ASA-CX and Cisco Prime Security Manager Privilege Escalation Vulnerability

A vulnerability in the role-based access control of Cisco ASA-CX and Cisco Prime Security Manager PRSM could allow an authenticated, remote attacker to change the password of any user on the system. The vulnerability exists because the password change request is not fully qualified. An...

8.5CVSS8.8AI score0.02472EPSS
Exploits0References1
CNVD
CNVD
added 2015/12/20 12:0 a.m.6 views

Cisco Videoscape Distribution Suite Service Manager Security Bypass Vulnerability

Cisco Videoscape Distribution Suite Service Manager is a suite of reporting and analysis tools for VDS products from Cisco in the United States. Cisco Videoscape Distribution Suite Service Manager fails to use RBAC control over back-end database access in real-time, allowing remote attackers to...

6.5CVSS6.9AI score0.00952EPSS
Exploits0References1
Cisco
Cisco
added 2015/12/10 10:40 p.m.53 views

Cisco Hosted Collaboration Mediation Fulfillment SOAP API Sensitive Information Disclosure Vulnerability

A vulnerability in the Simple Object Access Protocol SOAP application programming interface API of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an authenticated, remote attacker to obtain sensitive information that should be restricted. The attacker must authentica...

4CVSS6AI score0.00955EPSS
Exploits0References1
CNVD
CNVD
added 2015/11/05 12:0 a.m.5 views

Cisco Secure Access Control Server Security Restriction Bypass Vulnerability

Cisco Secure Access Control Server that is ACS, is the United States Cisco Cisco a security access control server. A security restriction bypass vulnerability exists in Cisco Secure Access Control Server 5.7. It allows an authenticated remote user to bypass expected RBAC restrictions by accessing...

4CVSS6.8AI score0.01368EPSS
Exploits0References1
Cisco
Cisco
added 2015/10/26 12:0 a.m.42 views

Cisco Secure Access Control Server Role-Based Access Control URL Lack of Protection Vulnerability

A vulnerability in the role-based access control RBAC implementation of the Cisco Secure Access Control Server ACS could allow an authenticated, remote attacker to impact the integrity of the system by modifying dashboard portlets that should be restricted. The vulnerability is due to improper...

4CVSS6.5AI score0.0137EPSS
Exploits0References1
CNVD
CNVD
added 2015/10/22 12:0 a.m.4 views

Unspecified Vulnerability in Persistent Systems Accelerite Radia Client Automation

Persistent Systems Accelerite Radia Client Automation formerly known as HP Client Automation is a client automation management solution from Persistent Systems India. The solution provides monitoring, alerting, auto-remediation and reporting on hardware, applications and operating systems. A...

5CVSS6.9AI score0.0151EPSS
Exploits0References1
CERT
CERT
added 2015/10/20 12:0 a.m.46 views

HP Client Automation and Radia Client Automation is vulnerable to remote code execution

Overview Radia Client Automation previously sold under the name HP Client Automation agent prior to version 9.1 is vulnerable to arbitrary remote code execution. Description According to ZDI's advisory for ZDI-15-363, which has been assigned CVE-2015-7860: "This vulnerability allows remote...

10CVSS7.6AI score0.06081EPSS
Exploits0References5
NVD
NVD
added 2015/10/19 6:59 p.m.21 views

CVE-2015-7862

Persistent Accelerite Radia Client Automation formerly HP Client Automation 7.9 through 9.1 before 2015-02-19 improperly implements the Role Based Access Control feature, which might allow remote attackers to modify an account's role assignments via unspecified vectors...

5CVSS6.7AI score0.0151EPSS
Exploits0References2
Prion
Prion
added 2015/10/19 6:59 p.m.14 views

Improper access control

Persistent Accelerite Radia Client Automation formerly HP Client Automation 7.9 through 9.1 before 2015-02-19 improperly implements the Role Based Access Control feature, which might allow remote attackers to modify an account's role assignments via unspecified vectors...

5CVSS7.2AI score0.0151EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2015/10/19 6:0 p.m.48 views

CVE-2015-7862

CVE-2015-7862 affects Persistent Accelerite Radia Client Automation (formerly HP Client Automation) versions 7.9–9.1 prior to 2015-02-19. The vulnerability stems from improper implementation of Role Based Access Control, allowing a remote attacker to modify an account’s role assignments via unspe...

5CVSS6.9AI score0.0151EPSS
Exploits0References2Affected Software1
seebug.org
seebug.org
added 2015/09/08 12:0 a.m.15 views

Red Hat PicketLink IDP ignores role based authorization

No description provided by source...

7.1AI score
Exploits0
CNVD
CNVD
added 2015/08/28 12:0 a.m.7 views

Red Hat PicketLink Privilege Bypass Vulnerability

Red Hat PicketLink is a unified identity management framework for Java applications. The 'invokeNextValve' function in the identity/federation/bindings/tomcat/idp/AbstractIDPValve.java file of Red Hat PicketLink failed to correctly Checking role-based authorization allows remote attackers to send...

4CVSS7.1AI score0.01913EPSS
Exploits0References1
NVD
NVD
added 2015/08/26 7:59 p.m.14 views

CVE-2015-3158

The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a 1 direct request or 2...

4CVSS6.3AI score0.01913EPSS
Exploits0References8
Prion
Prion
added 2015/08/26 7:59 p.m.10 views

Authorization

The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a 1 direct request or 2...

4CVSS6.8AI score0.01913EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2015/08/26 7:0 p.m.66 views

CVE-2015-3158

CVE-2015-3158 affects PicketLink in Red Hat JBoss EAP 6.x where the invokeNextValve in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java fails to enforce role-based authorization. This allows remote authenticated users to access restricted resources via a direct request or an SP-initi...

4CVSS6.4AI score0.01913EPSS
Exploits0References8Affected Software1
RedHat Linux
RedHat Linux
added 2015/08/24 4:10 p.m.3 views

PicketLink: PicketLink IDP ignores role based authorization

A flaw was found in the PicketLink Identity Provider Configuration IDP where, under specific conditions, the IDP ignores role-based authorization. This could lead to an authenticated user being able to access application resources that are not permitted for a given role...

4CVSS5.7AI score0.01913EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/08/24 3:53 p.m.4 views

PicketLink: PicketLink IDP ignores role based authorization

A flaw was found in the PicketLink Identity Provider Configuration IDP where, under specific conditions, the IDP ignores role-based authorization. This could lead to an authenticated user being able to access application resources that are not permitted for a given role...

4CVSS5.7AI score0.01913EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/08/24 3:52 p.m.4 views

PicketLink: PicketLink IDP ignores role based authorization

A flaw was found in the PicketLink Identity Provider Configuration IDP where, under specific conditions, the IDP ignores role-based authorization. This could lead to an authenticated user being able to access application resources that are not permitted for a given role...

4CVSS5.7AI score0.01913EPSS
Exploits0References4
Rows per page
Query Builder