8 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2023-44487
CVE-2023-44487 – HTTP/2 Rapid Reset DoS Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...
CVE-2019-1645
The CVE-2019-1645 entry corresponds to Cisco Connected Mobile Experiences (CMX) Information Disclosure. Affected component: CMX software; vulnerability arises from lack of input/validation for certain GET requests to APIs on the device. An unauthenticated, adjacent attacker can send HTTP GET requ...
CVE-2021-1144
CVE-2021-1144 (CMX Privilege Escalation) affects Cisco Connected Mobile Experiences (CMX). The issue is an authorization-check flaw in password-change handling that allows a remote, authenticated user without administrative privileges to alter the password of any user, including admins, by sendin...
CVE-2021-1522
CVE-2021-1522 describes a weakness in Cisco Connected Mobile Experiences (CMX) where the server-side change-password API does not sufficiently enforce the configured password policy. An authenticated, remote attacker could use a crafted API request to change their own password to a value that vio...
CVE-2021-1143
Summary: CVE-2021-1143 affects Cisco Connected Mobile Experiences (CMX) where lack of authorization checks on certain CMX API GET requests allows an authenticated, remote attacker to enumerate CMX users. Affected product/area: CMX API authorizations within Cisco CMX (no specific version details i...
CVE-2020-3151
CVE-2020-3151 is a Cisco CMX restricted shell escape vulnerability. An authenticated, local attacker with administrative credentials can bypass CLI restrictions due to insufficient security in the restricted shell, enabling execution of normally unauthorized commands with non-root privileges. CNV...
CVE-2020-3152
CVE-2020-3152 affects Cisco Connected Mobile Experiences (CMX). Affected component: CMX CLI with default misconfigured privileges. Root cause: improper user permissions configured by default, enabling an authenticated, local attacker with administrative credentials to execute arbitrary commands w...