Lucene search
Cisco Application Policy Infrastructure Controller Enterprise Module

8 matches found

CVE
added 2018/07/16 5:0 p.m. | 95 views

CVE-2018-0368

Cisco DNA Center (CVE-2018-0368) contains an information-disclosure vulnerability allowing an authenticated, local attacker to read unprotected log files that may include system credentials due to insufficient security restrictions. Affected product: Cisco DNA Center. Root cause: lack of proper a...

CVSS 7.8 | AI score 7.2 | EPSS 0.00333
CVE
added 2016/04/28 10:0 p.m. | 53 views

CVE-2016-1386

CVE-2016-1386 affects Cisco APIC-EM (APIC-Enterprise Module) API in version 1.0(1). The API vulnerability allows remote attackers to spoof administrator notifications by sending crafted attribute-value pairs (Bug CSCux15521). Root cause: insufficient protection of API functions. Impact per source...

CVSS 7.5 | AI score 7.4 | EPSS 0.01061
CVE
added 2016/02/07 11:0 a.m. | 52 views

CVE-2016-1305

CVE-2016-1305 is a Cross-Site Scripting (XSS) vulnerability in Cisco APIC-EM 1.1. The issue stems from insufficient sanitization of HTML entities in the web framework, enabling remote attackers to inject arbitrary script/HTML via vectors involving HTML entities (Bug ID CSCux15511). The NVD listin...

CVSS 6.1 | AI score 5.9 | EPSS 0.01009
CVE
added 2016/01/26 2:0 a.m. | 50 views

CVE-2015-6337

CVE-2015-6337 describes a cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10. A crafted hostname in an SNMP response can let a remote attacker inject arbitrary web script/HTML, potentially hijacking browser sessions or...

CVSS 6.1 | AI score 5.9 | EPSS 0.01009
CVE
added 2017/11/02 4:0 p.m. | 50 views

CVE-2017-12262

Cisco APIC-EM (Application Policy Infrastructure Controller Enterprise Module) 1.x before 1.5 is affected by a firewall configuration flaw. The misconfigured firewall rule allows traffic arriving at the device’s public interface to be forwarded to the internal virtual network, enabling an unauthe...

CVSS 8.8 | AI score 8.7 | EPSS 0.00781
CVE
added 2018/08/15 8:0 p.m. | 47 views

CVE-2018-0427

CVE-2018-0427 affects Cisco DNA Center CronJob scheduler API. An authenticated remote attacker could exploit improper input validation to execute arbitrary commands with root privileges. This aligns with multiple linked sources describing a command-injection vulnerability. The advisory notes ther...

CVSS 9 | AI score 9.1 | EPSS 0.0614
CVE
added 2016/08/18 7:0 p.m. | 45 views

CVE-2016-1365

CVE-2016-1365 affects Cisco APIC-EM (Grapevine update process) and allows an authenticated remote attacker to execute arbitrary commands as root via a crafted upgrade parameter. The root cause is insufficient input sanitization during the Grapevine update process. Impact is remote code execution ...

CVSS 8.8 | AI score 8.6 | EPSS 0.02656
CVE
added 2016/02/09 2:0 a.m. | 43 views

CVE-2016-1318

Cisco APIC-EM (Enterprise Module) 1.1 is affected by CVE-2016-1318, a cross-site scripting vulnerability in the web framework that permits remote injection of arbitrary script/HTML via crafted markup data. Root cause described as insufficient input validation in the web framework. Cisco advisory ...

CVSS 6.1 | AI score 6 | EPSS 0.01009