68 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2023-44487
CVE-2023-44487 – HTTP/2 Rapid Reset DoS. Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...
CVE-2019-1619
CVE-2019-1619 affects Cisco Data Center Network Manager (DCNM) web-based management. The flaw arises from improper session management, allowing an unauthenticated attacker to bypass authentication and execute actions with administrative privileges by sending a crafted HTTP request. Connected sour...
CVE-2019-1622
CVE-2019-1622 describes an information-disclosure vulnerability in Cisco Data Center Network Manager (DCNM). The issue arises in the web-based management interface due to improper access control for certain URLs, allowing an unauthenticated, remote attacker to request specific URLs and potentiall...
CVE-2019-1620
Cisco Data Center Network Manager (DCNM) is affected by CVE-2019-1620: an unauthenticated attacker can upload arbitrary files via the web-based management interface due to improper permissions, enabling filesystem write access and root-level code execution. Public disclosures and exploits exist (...
CVE-2019-1621
CVE-2019-1621 affects Cisco Data Center Network Manager (DCNM) web-based management interface. The issue stems from incorrect permissions settings that could allow an unauthenticated, remote attacker to download arbitrary files from the device via the web servlet (e.g., /fm/downloadServlet). Conn...
CVE-2019-15977
CVE-2019-15977 refers to authentication bypass vulnerabilities in Cisco Data Center Network Manager (DCNM). Connected data shows concrete details: DCNM 11.2.1 is affected via LanFabricImpl, enabling command injection leading to remote code execution (RCE) with root-like access demonstrated in exp...
CVE-2019-15999
CVE-2019-15999 concerns Cisco DCNM where JBOSS EAP authentication is misconfigured, allowing an authenticated, remote attacker to access JBOSS EAP on affected DCNM instances. Technical details from connected advisories indicate the flaw stems from incorrect authentication settings in JBOSS EAP, e...
CVE-2019-15975
Cisco DCNM has authentication bypass vulnerabilities in versions prior to 11.3(1) that allow an unauthenticated, remote attacker to bypass login and perform administrative actions. The issues stem from a shared static encryption key across installations, enabling bypass via REST/SOAP APIs and web...
CVE-2019-15976
CVE-2019-15976 concerns authentication bypass vulnerabilities in Cisco Data Center Network Manager (DCNM). Multiple independent sources (NVD entry, Cisco advisory, Nessus/CISCO bundle, and exploitation references) indicate an unauthenticated remote attacker could bypass DCNM authentication and pe...
CVE-2020-3538
Cisco DCNM (Data Center Network Manager) contains a path traversal vulnerability in a REST API endpoint that allows an authenticated, remote attacker to overwrite or list arbitrary files on affected devices. The issue stems from insufficient path restrictions, exploitable by sending crafted HTTP ...
CVE-2021-1247
Cisco Data Center Network Manager (DCNM) is affected by multiple SQL injection vulnerabilities in REST API endpoints. The root cause, as described in linked advisories, is insufficient input validation in DCNM REST API handling, which could allow an authenticated, remote attacker to execute arbit...
CVE-2020-3386
CVE-2020-3386 concerns Cisco Data Center Network Manager (DCNM) REST API: an authenticated, low-privileged user can bypass API authorization due to insufficient access controls and perform arbitrary actions with administrative privileges. Affected are DCNM deployments exposing the REST API; multi...
CVE-2019-15984
CVE-2019-15984 concerns Cisco Data Center Network Manager (DCNM) with SQL Injection in the REST and SOAP APIs. The vulnerability arises from insufficient input validation, allowing an authenticated, remote attacker with administrative privileges to execute arbitrary SQL commands on the DCNM backe...
CVE-2020-3377
Cisco DCNM's Device Manager has a command-injection vulnerability due to insufficient input validation. An authenticated, remote attacker could trigger arbitrary commands with administrator privileges on the DCNM. The incident is documented across multiple sources (Cisco security advisory CISCO-S...
CVE-2020-3355
CVE-2020-3355 concerns Cisco Data Center Network Manager (DCNM) web-based management interface. Connected sources confirm a stored XSS vulnerability caused by insufficient input validation in the interface, enabling an authenticated, remote attacker with administrative credentials to inject data ...
CVE-2019-15978
CVE-2019-15978 relates to Cisco Data Center Network Manager (DCNM). The issue is a command-injection vulnerability in the REST and SOAP API endpoints, arising from improper validation of user-supplied input. An authenticated, remote attacker with administrative privileges can inject arbitrary OS ...
CVE-2020-3382
Cisco DCNM (Data Center Network Manager) suffers from an authentication bypass via the REST API caused by shared static encryption keys across installations. An unauthenticated, remote attacker could craft a valid session token and perform arbitrary actions with administrative privileges on affected d...
CVE-2020-3383
DCNM Path Traversal (CVE-2020-3383) affects Cisco Data Center Network Manager’s archive utility. An authenticated, remote attacker can exploit the lack of input validation for paths embedded in archive files to perform directory traversal, potentially writing arbitrary files with the privileges of th...
CVE-2020-3113
CVE-2020-3113 affects Cisco Data Center Network Manager (DCNM) web-based management interface. The vulnerability arises from insufficient validation of user-supplied input, enabling stored XSS when a user is enticed to click a crafted link. Impact could be execution of arbitrary script in the int...
CVE-2020-3112
CVE-2020-3112 is a privilege-escalation vulnerability in Cisco Data Center Network Manager (DCNM) REST API. The issue stems from insufficient access control validation, allowing an authenticated, low-privilege user to send crafted API requests and interact with the API with administrative privile...
CVE-2020-3460
Cisco Data Center Network Manager (DCNM) web-based management interface is affected by an unauthenticated XSS vulnerability (CVE-2020-3460). The issue stems from improper validation of user-supplied input, allowing an attacker to inject malicious data into an HTTP header to execute script code in...
CVE-2020-3461
Cisco Data Center Network Manager (DCNM) exposes an information-disclosure vulnerability in its web-based management interface caused by missing authentication on a specific part of the interface. The flaw enables an unauthenticated, remote attacker to read confidential information from an affect...
CVE-2021-1249
Cisco Data Center Network Manager (DCNM) web-based management interface harbors cross-site scripting (XSS) and reflected file download (RFD) vulnerabilities. The root cause cited across sources is insufficient input validation in the DCNM web UI, enabling a remote attacker with network-operator p...
CVE-2019-15979
CVE-2019-15979 affects Cisco Data Center Network Manager (DCNM). The issue is a command-injection vulnerability in the REST and SOAP API endpoints caused by insufficient input validation, exploitable by an authenticated user with administrative privileges to inject arbitrary OS commands. The affe...
CVE-2021-1248
CVE-2021-1248 affects Cisco Data Center Network Manager (DCNM) with multiple SQL injection vulnerabilities in certain REST API endpoints. An authenticated, remote attacker could execute arbitrary SQL commands on an affected device. Connected sources confirm DCNM SQL-injection vulnerabilities and ...
CVE-2020-3356
The CVE-2020-3356 entry corresponds to a stored cross-site scripting (XSS) vulnerability in Cisco Data Center Network Manager (DCNM) web-based management interface. Reports from Cisco and Nessus detail that an unauthenticated, remote attacker could exploit insufficient input validation to inject ...
CVE-2020-3114
CVE-2020-3114 is a CSRF vulnerability in Cisco Data Center Network Manager (DCNM) web-based management interface. The root cause is insufficient CSRF protections, enabling an unauthenticated, remote attacker to persuade a logged-in user to perform arbitrary actions with the user’s privileges. Aff...
CVE-2020-3384
CVE-2020-3384 affects Cisco Data Center Network Manager (DCNM) REST API endpoints. The root cause is inadequate validation of user-supplied input in the API, which could allow an authenticated, remote attacker to inject arbitrary commands on the underlying OS with the privileges of the logged-in ...
CVE-2021-1135
CVE-2021-1135 concerns Cisco Data Center Network Manager (DCNM) REST API vulnerabilities. The issue arises from an incorrect denylist comparison in a REST API path, enabling an authenticated, remote attacker to view, modify, or delete data without proper authorization. Affected DCNM versions prio...
CVE-2021-1270
CVE-2021-1270 affects Cisco Data Center Network Manager (DCNM) via vulnerabilities in the web-based management interface that allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. The root cause is failure to properly restrict access to administrat...
CVE-2021-1277
CVE-2021-1277 relates to Cisco Data Center Network Manager (DCNM) certificate validation vulnerabilities. The root cause is insufficient certificate validation when DCNM establishes HTTPS connections, enabling an attacker to spoof a trusted host or perform a MITM to intercept/alter sensitive API ...
CVE-2018-0440
CVE-2018-0440 concerns Cisco Data Center Network Manager (DCNM). The issue is in the web interface where incomplete input validation of HTTP requests allows an authenticated application administrator to execute commands on the underlying OS with root privileges. Impact is privilege escalation wit...
CVE-2020-3518
Cisco Data Center Network Manager (DCNM) XSS (CVE-2020-3518) arises from improper validation in the web-based management interface. An authenticated, remote attacker could lure a user into clicking a crafted link, enabling arbitrary script execution in the affected interface or access to browser-...
CVE-2021-1272
CVE-2021-1272 describes an SSRF in Cisco Data Center Network Manager (DCNM) where insufficient validation of parameters in a specific HTTP request allows an unauthenticated, remote attacker to bypass access controls and gain unauthorized access to the Device Manager application. The issue affects ...
CVE-2018-0210
Cisco Data Center Network Manager (DCNM) contains a CSRF vulnerability that could allow an unauthenticated, remote attacker to cause arbitrary actions on an affected device by inducing a user to click a crafted link. The issue stems from insufficient CSRF protections in the web-based management i...
CVE-2020-3376
CVE-2020-3376 affects Cisco Data Center Network Manager (DCNM) Device Manager. The flaw is an authentication failure that allows an unauthenticated, remote attacker to bypass authentication by visiting hosted URLs, potentially interacting with and using functions within DCNM and executing arbitra...
CVE-2020-3462
CVE-2020-3462 describes a SQL injection in Cisco Data Center Network Manager (DCNM) web UI. The root cause is improper validation of user-supplied parameters, requiring authentication to exploit. An attacker could remotely authenticate and send malicious requests to obtain or modify data in the u...
CVE-2020-3349
Cisco Data Center Network Manager (DCNM) Web UI is affected by multiple XSS vulnerabilities caused by insufficient input validation. The issues allow an authenticated attacker to lure a user to click a crafted link, enabling arbitrary script execution in the interface context or access to browser...
CVE-2020-3439
CVE-2020-3439 affects Cisco Data Center Network Manager (DCNM) web-based management interface. A stored XSS vulnerability arises from insufficient input validation in a data field, enabling an authenticated, remote attacker to inject script and potentially access browser-based information. Impact...
CVE-2021-1269
CVE-2021-1269 affects Cisco Data Center Network Manager (DCNM) web-based management interface. The advisory/image set describes an authorization bypass: an authenticated remote attacker could view, modify, and delete data without proper authorization in DCNM versions prior to the fixed release. C...
CVE-2021-1283
Cisco Data Center Network Manager (DCNM) is affected by an information-disclosure vulnerability in its logging subsystem. The issue arises because sensitive data is not properly masked before being written to system log files, allowing an authenticated, local attacker with valid credentials to vi...
CVE-2020-3354
CVE-2020-3354 affects Cisco Data Center Network Manager (DCNM) Web-based management interface. The issue is a cross-site scripting (XSS) vulnerability caused by insufficient input validation in the web UI, allowing an authenticated administrator to inject data that could execute arbitrary script ...
CVE-2021-1250
CVE-2021-1250 affects Cisco Data Center Network Manager (DCNM) Web management interface. The vulnerability set includes cross-site scripting (XSS) and a reflected file download (RFD) attack, exploitable by a remote attacker with network-operator privileges. Root cause cited as insufficient input ...
CVE-2019-15983
CVE-2019-15983 is an XML External Entity (XXE) reading vulnerability in Cisco Data Center Network Manager (DCNM) SOAP API. The issue arises when the SOAP API parses certain XML files, allowing an authenticated user with administrative privileges to exploit XXE and read arbitrary files from the de...
CVE-2020-3520
CVE-2020-3520 corresponds to a Cisco Data Center Network Manager (DCNM) information-disclosure vulnerability. The DCNM product's protection of confidential information is insufficient, allowing an authenticated, local attacker to access local filesystems and extract sensitive data, potentially en...
CVE-2021-1133
Cisco DCNM REST API vulnerabilities allow an authenticated, remote attacker to view, modify, and delete data due to insufficient API input validation, including a path traversal issue described in CNVD-2021-09309. The CVE entry covers multiple REST API weaknesses in DCNM, affecting versions prior ...
CVE-2021-1286
CVE-2021-1286 affects Cisco Data Center Network Manager (DCNM) – the web-based management interface is vulnerable to cross-site scripting (XSS) and a reflected file download (RFD) when accessed by an authenticated network-operator. The root cause is insufficient input validation in the DCNM web i...
CVE-2017-12343
Cisco Data Center Network Manager (DCNM) Software is affected by multiple vulnerabilities that stem from insufficient server-side validation of user-submitted data in HTTP loads, enabling a remote attacker to manipulate DCNM configuration parameters, redirect users to malicious sites, inject cont...
CVE-2019-15980
Cisco Data Center Network Manager (DCNM) has a path traversal vulnerability (CVE-2019-15980) in the REST and SOAP API endpoints and the Application Framework. The issue arises from insufficient validation of user-supplied input, allowing an authenticated, remote attacker with administrative privi...