4 matches found
CVE-2021-1393
Cisco Application Services Engine (ASE) is affected by CVE-2021-1393 and CVE-2021-1396 due to insufficient access controls in a Data Network service/API, enabling unauthenticated, remote attackers to gain privileged host-level access, learn device-specific information, create diagnostic files, an...
CVE-2021-1396
CVE-2021-1396 affects Cisco Application Services Engine (ASE) and enables an unauthenticated, remote attacker to access privileged host-level operations via insufficient access controls in an ASE Data Network API. Impact includes learning device-specific information, creating diagnostic files in ...
CVE-2020-3333
CVE-2020-3333 affects Cisco Application Services Engine (APIC) Software API responsible for event policies. The root cause is insufficient authentication of users who modify policies, enabling an unauthenticated, remote attacker to craft HTTP requests to contact an affected device and update even...
CVE-2020-3335
CVE-2020-3335 affects Cisco Application Services Engine Software. The issue is in the keystore and stems from insufficient authorization restrictions, allowing an authenticated, local attacker to read other users’ sensitive information on an affected device. Impact is read access to user data wit...