
1098 matches found

CVE
added 2023/01/19 1:35 a.m. · 145 views

CVE-2023-20018

CVE-2023-20018 affects Cisco IP Phone 7800 and 8800 Series through the web-based management interface. The issue is an authentication bypass caused by insufficient validation of user-supplied input, enabling an unauthenticated, remote attacker to access parts of the web interface that normally re...

CVSS 8.6 · AI score 6.6 · EPSS 0.00613
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2023/01/19 1:32 a.m. · 104 views

CVE-2023-20010

CVE-2023-20010 affects Cisco Unified Communications Manager (CUCM) and CUCM Session Management Edition (SME). The issue is a web interface input-validation flaw that enables an SQL injection when an authenticated, low-privileged user sends crafted queries. Impact shown in sources: read/modify dat...

CVSS 8.8 · AI score 8.7 · EPSS 0.00902
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2023/01/18 5:48 p.m. · 497 views

CVE-2022-20967

CVE-2022-20967 affects Cisco Identity Services Engine (ISE) web-based management interface. The issue is stored cross-site scripting caused by improper validation of input before storage, enabling an authenticated, remote attacker to inject malicious HTML/script that can be used in subsequent XSS...

CVSS 5.4 · AI score 5.3 · EPSS 0.00541
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/01/18 5:48 p.m. · 31 views

CVE-2022-20967

A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vulnerability is due to improper validation of...

CVSS 4.8 · AI score 6.3 · EPSS 0.00541
Exploits: 0 · References: 1

Vulnrichment
added 2023/01/18 5:47 p.m. · 13 views

CVE-2022-20964

A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system. This vulnerability is due to improper validation of user input within requests as part of the...

CVSS 6.3 · AI score 7.8 · EPSS 0.30649
Exploits: 0 · References: 1

CVE
added 2023/01/18 5:46 p.m. · 491 views

CVE-2022-20966

Cisco Identity Services Engine (ISE) web-based management interface is affected by a stored XSS flaw due to improper input validation before storage. An authenticated, remote attacker could inject malicious HTML/script via entries created in the interface, enabling XSS against other users. Affect...

CVSS 5.4 · AI score 5.3 · EPSS 0.276
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/01/18 5:46 p.m. · 30 views

CVE-2022-20966

A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vulnerability is due to improper validation of...

CVSS 5.4 · AI score 6.3 · EPSS 0.276
Exploits: 0 · References: 1

hivepro
added 2023/01/16 12:29 p.m. · 35 views

Cisco Small Business Routers Vulnerable to Authentication Bypass and Remote Code Execution

Summary: Multiple vulnerabilities were found in the web-based management interface of Cisco Small Business Routers. The authentication bypass vulnerability CVE-2023-20025 allows an unauthenticated attacker...

AI score 4.7 · EPSS 0.01633
Exploits: 0

Positive Technologies
added 2023/01/11 12:0 a.m. · 5 views

PT-2023-2551

Name of the Vulnerable Software and Affected Versions: Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 (affected versions not specified). Description: A vulnerability in the web-based management interface of Cisco Small Business Routers could allow an authenticated,...

CVSS 8.5 · AI score 8 · EPSS 0.53827
Exploits: 0 · References: 78

NVD
added 2023/01/05 7:15 a.m. · 14 views

CVE-2022-43531

Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information...

CVSS 8.8 · AI score 9.1 · EPSS 0.00805
Exploits: 0 · References: 1

NVD
added 2023/01/05 7:15 a.m. · 27 views

CVE-2022-43522

Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. An attacker could exploit these vulnerabilities...

CVSS 8.8 · AI score 9 · EPSS 0.00952
Exploits: 0 · References: 1

Prion
added 2023/01/05 7:15 a.m. · 23 views

Cross site scripting

Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary...

CVSS 5.8 · AI score 6 · EPSS 0.00462
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2023/01/03 7:50 p.m. · 56 views

CVE-2022-43530

CVE-2022-43530 concerns Aruba ClearPass Policy Manager, where vulnerabilities in the web-based management interface could allow an authenticated remote attacker to perform SQL injection against the underlying database. The impact described across sources is potential exposure and modification of ...

CVSS 8.8 · AI score 8.9 · EPSS 0.00952
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2023/01/03 7:39 p.m. · 60 views

CVE-2022-43527

CVE-2022-43527 concerns multiple XSS vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator. Affected are on-premises and cloud variants of Aruba EdgeConnect Enterprise Orchestrator and related deployments, with vulnerable versions including 9.2.1.40179...

CVSS 6.1 · AI score 5.9 · EPSS 0.00462
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/01/03 7:4 p.m. · 31 views

CVE-2022-43522

Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. An attacker could exploit these vulnerabilities...

CVSS 8.8 · AI score 9.1 · EPSS 0.00952
Exploits: 0 · References: 1

Positive Technologies
added 2023/01/03 12:0 a.m. · 5 views

PT-2023-14241 · Aruba · Aruba Clearpass Policy Manager

Name of the Vulnerable Software and Affected Versions: Aruba ClearPass Policy Manager versions 6.10.7 and below; Aruba ClearPass Policy Manager versions 6.9.12 and below. Description: Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remo...

CVSS 8.8 · AI score 8.9 · EPSS 0.00952
Exploits: 0 · References: 3

NVD
added 2022/12/12 1:15 p.m. · 16 views

CVE-2022-37919

A vulnerability exists in the API of Aruba EdgeConnect Enterprise. An unauthenticated attacker can exploit this condition via the web-based management interface to create a denial-of-service condition which prevents the appliance from properly responding to API requests in Aruba EdgeConnect...

CVSS 7.5 · EPSS 0.00694
Exploits: 0 · References: 1

Prion
added 2022/12/12 1:15 p.m. · 29 views

Design/Logic Flaw

A vulnerability exists in the API of Aruba EdgeConnect Enterprise. An unauthenticated attacker can exploit this condition via the web-based management interface to create a denial-of-service condition which prevents the appliance from properly responding to API requests in Aruba EdgeConnect...

CVSS 5 · AI score 7.5 · EPSS 0.00694
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2022/12/08 4:15 p.m. · 21 views

CVE-2022-37918

Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network...

CVSS 8.1 · EPSS 0.0076
Exploits: 0 · References: 1

CVE
added 2022/12/08 12:0 a.m. · 75 views

CVE-2022-37917

CVE-2022-37917 affects Aruba AirWave Management Platform, exposing some web-based management URLs to broken access control. An attacker with limited privileges could access sensitive information or modify network configurations with higher-privilege effects. Impact is tied to AirWave versions 8.2...

CVSS 8.1 · AI score 8.3 · EPSS 0.0076
Exploits: 0 · References: 1 · Affected Software: 1