1098 matches found
CVE-2023-20018
CVE-2023-20018 affects Cisco IP Phone 7800 and 8800 Series through the web-based management interface. The issue is an authentication bypass caused by insufficient validation of user-supplied input, enabling an unauthenticated, remote attacker to access parts of the web interface that normally re...
CVE-2023-20010
CVE-2023-20010 affects Cisco Unified Communications Manager (CUCM) and CUCM Session Management Edition (SME). The issue is a web interface input-validation flaw that enables an SQL injection when an authenticated, low-privileged user sends crafted queries. Impact shown in sources: read/modify dat...
CVE-2022-20967
CVE-2022-20967 affects Cisco Identity Services Engine (ISE) web-based management interface. The issue is stored cross-site scripting caused by improper validation of input before storage, enabling an authenticated, remote attacker to inject malicious HTML/script that can be used in subsequent XSS...
CVE-2022-20967
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vulnerability is due to improper validation of...
CVE-2022-20964
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system. This vulnerability is due to improper validation of user input within requests as part of the...
CVE-2022-20966
Cisco Identity Services Engine (ISE) web-based management interface is affected by a stored XSS flaw due to improper input validation before storage. An authenticated, remote attacker could inject malicious HTML/script via entries created in the interface, enabling XSS against other users. Affect...
CVE-2022-20966
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vulnerability is due to improper validation of...
Cisco Small Business Routers Vulnerable to Authentication Bypass and Remote Code Execution
Summary: Multiple vulnerabilities were found in the web-based management interface of Cisco Small Business Routers. The authentication bypass vulnerability CVE-2023-20025 allows an unauthenticated attacker...
PT-2023-2551
Name of the Vulnerable Software and Affected Versions: Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 (affected versions not specified). Description: A vulnerability in the web-based management interface of Cisco Small Business Routers could allow an authenticated,...
CVE-2022-43531
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information...
CVE-2022-43522
Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. An attacker could exploit these vulnerabilities...
Cross site scripting
Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary...
CVE-2022-43530
CVE-2022-43530 concerns Aruba ClearPass Policy Manager, where vulnerabilities in the web-based management interface could allow an authenticated remote attacker to perform SQL injection against the underlying database. The impact described across sources is potential exposure and modification of ...
CVE-2022-43527
CVE-2022-43527 concerns multiple XSS vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator. Affected are on-premises and cloud variants of Aruba EdgeConnect Enterprise Orchestrator and related deployments, with vulnerable versions including 9.2.1.40179...
PT-2023-14241 · Aruba · Aruba ClearPass Policy Manager
Name of the Vulnerable Software and Affected Versions: Aruba ClearPass Policy Manager versions 6.10.7 and below; Aruba ClearPass Policy Manager versions 6.9.12 and below. Description: Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remo...
CVE-2022-37919
A vulnerability exists in the API of Aruba EdgeConnect Enterprise. An unauthenticated attacker can exploit this condition via the web-based management interface to create a denial-of-service condition which prevents the appliance from properly responding to API requests in Aruba EdgeConnect...
Design/Logic Flaw
A vulnerability exists in the API of Aruba EdgeConnect Enterprise. An unauthenticated attacker can exploit this condition via the web-based management interface to create a denial-of-service condition which prevents the appliance from properly responding to API requests in Aruba EdgeConnect...
CVE-2022-37918
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network...
CVE-2022-37917
CVE-2022-37917 affects Aruba AirWave Management Platform, exposing some web-based management URLs to broken access control. An attacker with limited privileges could access sensitive information or modify network configurations with higher-privilege effects. Impact is tied to AirWave versions 8.2...