51 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2019-1821
CVE-2019-1821 affects Cisco Prime Infrastructure (PI) / Evolved Programmable Network Manager (EPNM) Health Monitor HA components. The issue is a TarArchive Directory Traversal in the Health Monitor’s upload path that allows a remote attacker to trigger arbitrary commands via the UploadServlet (th...
CVE-2022-20656
CVE-2022-20656 affects Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM). The issue is in the web-based management interface where insufficient input validation of the HTTPS URL allows an authenticated, remote attacker to perform a path traversal attack, potent...
CVE-2021-1487
Cisco CVE-2021-1487 affects Cisco Prime Infrastructure and Cisco EPN Manager. The web-based management interface fails to sufficiently validate user input, enabling an authenticated remote attacker to inject commands and execute them on the underlying OS with the permissions of a non-root user. I...
CVE-2021-1306
CVE-2021-1306 is a local file inclusion vulnerability in the restricted shell of Cisco EPN Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure. An authenticated shell user can exploit improper validation of CLI parameters to identify directories and write arbitrary files...
CVE-2022-20657
The CVE-2022-20657 issue affects Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) where the web-based management interface does not adequately validate user input, enabling an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack. An ...
CVE-2022-20659
Cisco Prime Infrastructure and Cisco EPN Manager contain a cross-site scripting (XSS) vulnerability in the web-based management interface caused by improper input validation. An unauthenticated, remote attacker could entice a user to click a crafted link, potentially executing arbitrary script co...
CVE-2019-15958
CVE-2019-15958 affects Cisco Prime Infrastructure (PI) and Cisco EPNM. A REST API input-validation flaw during High Availability (HA) configuration/registration allows an unauthenticated remote attacker to upload a malicious file and execute arbitrary code with root privileges on the underlying O...
CVE-2023-20069
Cisco CVE-2023-20069 affects the web-based management interfaces of Cisco Prime Infrastructure and Cisco EPN Manager. The vulnerability is due to insufficient validation of user-supplied input, enabling authenticated users to lure others into a crafted link that could trigger stored XSS in the af...
CVE-2023-20121
CVE-2023-20121 covers multiple vulnerabilities in the restricted shell of Cisco EPNM, Cisco ISE, and Cisco Prime Infrastructure. The issue arises from improper validation of parameters in a CLI command within the restricted shell, enabling an authenticated, local attacker to escape the restricted...
CVE-2019-1819
CVE-2019-1819 affects Cisco Prime Infrastructure and Cisco EPN Manager web-based management interfaces. The root cause is improper sanitization of user-supplied input in HTTP request parameters that describe filenames, enabling authenticated remote attackers to perform directory traversal and vie...
CVE-2019-1818
CVE-2019-1818 describes a directory-traversal vulnerability in Cisco Prime Infrastructure and Cisco EPN Manager web-based management interfaces. It arises from improper sanitization of filenames in HTTP request parameters, allowing an authenticated remote attacker to submit a path to a restricted...
CVE-2023-20222
CVE-2023-20222 concerns Cisco Prime Infrastructure and Cisco EPNM web-based management interfaces. The issue arises from insufficient validation of user-supplied input, enabling an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack by injecting malicious code into int...
CVE-2019-1820
CVE-2019-1820 affects Cisco Prime Infrastructure and Cisco EPN Manager web-based management interfaces. The root cause is improper sanitization of user-supplied input in HTTP request parameters that describe filenames, enabling directory-traversal attacks. An authenticated, remote attacker could ...
CVE-2017-6699
CVE-2017-6699 affects Cisco Prime Infrastructure (PI) and EPNM web-based management interfaces. Affected component: JSP-based web UI; root cause: insufficient validation of user-supplied input, enabling a remote, unauthenticated attacker to trigger a reflected cross-site scripting (XSS) attack by...
CVE-2019-1824
CVE-2019-1824 affects Cisco Prime Infrastructure (PI) and Evolved Programmable Network (EPN) Manager. The web-based management interface is vulnerable to SQL injection due to improper validation of user-supplied input in SQL queries. An authenticated, remote attacker can send a crafted HTTP reque...
CVE-2021-34707
CVE-2021-34707 concerns a information-disclosure vulnerability in the REST API of Cisco EPNM. An authenticated, remote attacker can exploit this by sending a specific API request to obtain sensitive information from the application. The issue is attributed to insufficient protection of sensitive ...
CVE-2023-20205
Cisco CVE-2023-20205 covers multiple stored XSS vulnerabilities in the web-based management interfaces of Cisco Prime Infrastructure and Cisco EPNM. Root cause: insufficient validation of user-supplied input in the interface, exploitable when an authenticated user with valid credentials views a c...
CVE-2023-20257
CVE-2023-20257 affects Cisco Prime Infrastructure and Cisco EPNM web-based management interfaces. The flaw stems from improper validation of user-supplied input, allowing an authenticated, remote attacker to submit malicious content that is stored and can trigger cross-site scripting against othe...
CVE-2019-1822
Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager contain CVE-2019-1822, a vulnerability in the web-based management interface that allows an authenticated remote attacker to execute code with root privileges. The issue arises from improper validation of user-su...
CVE-2019-1823
CVE-2019-1823 affects Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager web-based management interface. The issue allows an authenticated, remote attacker to execute code with root-level privileges on the underlying OS by uploading a crafted file via the adminis...
CVE-2023-20203
The CVE-2023-20203 entry describes stored Cross-Site Scripting (XSS) vulnerabilities in Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) web-based management interfaces. Root cause: insufficient validation of user-supplied input, enabling an authenticated, remote a...
CVE-2025-20203
CVE-2025-20203 details (Cisco EPNM and Cisco Prime Infrastructure): A stored XSS vulnerability exists in the web-based management interface due to improper validation of user input. An authenticated attacker with valid admin credentials could inject malicious code into data fields, potentially ex...
CVE-2021-34784
Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) are affected by a stored cross-site scripting (XSS) vulnerability in their web-based management interfaces. The issue arises from improper validation of user-supplied input, allowing an authenticated, remote att...
CVE-2025-20120
CVE-2025-20120 describes a stored cross-site scripting (XSS) vulnerability in the web-based management interfaces of Cisco’s EPNM and Prime Infrastructure. The root cause is insufficient validation of user-supplied input in the interface, allowing an unauthenticated, remote attacker to inject mal...
CVE-2024-20514
Cisco EPNM and Cisco Prime Infrastructure web-based management interfaces are affected by a stored cross-site scripting (XSS) vulnerability that arises from improper input validation. An authenticated, low-privileged attacker could inject malicious code via a targeted page, enabling execution of ...
CVE-2016-1406
CVE-2016-1406 affects Cisco Prime Infrastructure before 3.1 and Cisco EPNM before 1.2.4. The vulnerability stems from incorrect RBAC evaluation in the API web interface, allowing remote authenticated users to bypass restrictions via crafted JSON data and obtain sensitive information, potentially ...
CVE-2023-20260
CVE-2023-20260 affects Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM). The root cause is improper processing of command line arguments to application scripts in the CLI, enabling an authenticated, local attacker to escalate to root privileges on the underlying OS...
CVE-2016-1291
CVE-2016-1291 affects Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco EPNM 1.2. The vulnerability stems from insecure deserialization of data in HTTP POST requests, enabling remote attackers to execute arbitrary code on affected systems. Impact is described as remote code execution with...
CVE-2019-1825
Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager web-based management interfaces are affected by CVE-2019-1825 due to improper validation of user-supplied input in SQL queries. The vulnerability could allow an authenticated, remote attacker to execute arbitrary...
CVE-2023-20131
CVE-2023-20131 affects Cisco Prime Infrastructure and Cisco EPNM via the web-based management interface, enabling XSS and CSRF due to insufficient input validation and CSRF protections. The issue is part of multiple vulnerabilities described in Cisco advisory cisco-sa-pi-epnm-eRPWAXLe, with relat...
CVE-2026-20155
Cisco EPNM has a REST API authorization flaw in its web-based management interface. An authenticated user with low privileges can query a REST endpoint and potentially view session information of active EPNM users, including administrators, which could lead to device compromise. The provided sour...
CVE-2017-6662
CVE-2017-6662 : A XXE-based vulnerability in the web-based UI of Cisco Prime Infrastructure (PI) and Cisco EPNM allows an authenticated, remote attacker to read/write information and execute code in the affected application. Root cause: improper handling of XML External Entity entries when parsin...
CVE-2023-20129
CVE-2023-20129 covers multiple vulnerabilities in the web‑based management interfaces of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM). The issues include information disclosure, cross‑site scripting (XSS), cross‑site request forgery (CSRF), and an arbitrary fil...
CVE-2023-20130
CVE-2023-20130 affects Cisco Prime Infrastructure and Cisco EPNM web-based management interfaces, enabling CSRF alongside XSS and information disclosure. Nessus plugins indicate the issues impact installations prior to specific fixed versions, while Cisco’s advisory states that software updates a...
CVE-2021-34733
Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager expose an information-disclosure vulnerability in their CLI. An authenticated, local attacker could access sensitive data stored on the underlying file system due to insufficient protection of sensitive information. T...
CVE-2017-3884
The CVE-2017-3884 entry describes an information-disclosure vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager. An authenticated, remote attacker could access sensitive data without administrator credentials, enabling reconnaissan...
CVE-2023-20201
CVE-2023-20201 affects Cisco Prime Infrastructure and Cisco EPNM. The issue is stored XSS in the web-based management interface due to insufficient input validation. An authenticated user viewing a crafted page could have arbitrary script execution in the interface context or access browser-based...
CVE-2023-20271
CVE-2023-20271 affects Cisco Prime Infrastructure and Cisco EPNM web-based management interfaces. An authenticated, remote attacker can exploit improper validation of user-submitted parameters to perform SQL injection against the underlying database, potentially exposing or modifying sensitive in...
CVE-2016-1289
Cisco Prime Infrastructure 1.2–3.0 and EPNM 1.2 expose an API flaw that allows unauthenticated, remote access via crafted HTTP requests, potentially enabling code execution or access to stored credentials. The issue stems from inadequate input validation of API URIs, permitting manipulation of AP...
CVE-2023-20258
CVE-2023-20258 affects Cisco Prime Infrastructure (web-based management interface) and related EPNM/PI components. The flaw arises from improper processing of serialized Java objects, enabling an authenticated, remote attacker to upload a document containing malicious serialized objects and cause...
CVE-2016-1408
Cisco Prime Infrastructure (PI) versions 1.2–3.1 and EPNM versions 1.2–2.0 expose a web-UI vulnerability that allows an authenticated, remote attacker to upload arbitrary files and execute commands via a crafted HTTP request. The root cause is incomplete input validation in the web interface. Imp...
CVE-2016-6443
CVE-2016-6443 affects Cisco Prime Infrastructure and Evolved Programmable Network Manager (EPNM) with a SQL database interface vulnerability. The issue is a lack of input validation in SQL queries, allowing an authenticated, remote attacker to execute a subset of arbitrary SQL statements that can...
CVE-2016-1290
The CVE-2016-1290 issue affects Cisco Prime Infrastructure 1.2.0–2.2(2) and Cisco EPNM 1.2. The vulnerability stems from the web API allowing an authenticated remote user to bypass RBAC via an HTTP request that does not conform to a pattern filter, enabling elevated privileges (Bug CSCuy10227). P...
CVE-2025-20272
CVE-2025-20272 : Affects a subset of REST APIs in Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM). An authenticated, low-privilege remote attacker could exploit insufficient input validation to perform a blind SQL injection, potentially viewing data from database ...
CVE-2025-20270
CVE-2025-20270 affects Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure. The issue is an information disclosure caused by improper validation of API endpoint requests in the web-based management interface. An authenticated, low-privileged user could remotely exploi...
CVE-2025-20287
Cisco EPNM Arbitrary File Upload (CVE-2025-20287) affects the web-based management interface of Cisco Evolved Programmable Network Manager. Root cause: improper validation of uploaded files via a specific API endpoint, allowing an authenticated attacker with valid Config Managers credentials to u...
CVE-2025-20269
The CVE-2025-20269 issue affects Cisco EPNM and Cisco Prime Infrastructure web-based management interfaces. Root cause: insufficient input validation for specific HTTP requests, enabling an authenticated, low-privileged, remote attacker to retrieve arbitrary files from the device’s file system. I...
CVE-2025-20280
The CVE-2025-20280 issue affects Cisco EPNM and Cisco Prime Infrastructure, where the web-based management interface improperly validates user input, enabling an authenticated, remote attacker with administrative credentials to perform a stored cross-site scripting (XSS) attack against interface ...
CVE-2026-20075
CVE-2026-20075 affects Cisco EPNM and Cisco Prime Infrastructure web-based management interfaces. The root cause is improper validation of user input, enabling a stored cross-site scripting (XSS) vulnerability in data fields. An authenticated, remote attacker with valid admin credentials could in...