7 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2021-34748
Cisco Intersight Virtual Appliance is affected by a command-injection vulnerability in its web-based management interface caused by insufficient input validation. An authenticated, remote attacker could send crafted input to the interface and execute arbitrary commands with root-level privileges....
CVE-2023-20237
CVE-2023-20237 affects Cisco Intersight Virtual Appliance. The issue arises from insufficient restrictions on internally accessible HTTP proxies, allowing an unauthenticated, adjacent attacker to submit a crafted CLI command and access internal HTTP services that are otherwise inaccessible, poten...
CVE-2021-1617
Cisco Intersight Virtual Appliance (CVE-2021-1617) suffers from path traversal and command-injection vulnerabilities due to insufficient input validation in the web-based management interface. An authenticated remote attacker could use crafted input to read/write arbitrary files or execute comman...
CVE-2021-1618
CVE-2021-1618 affects Cisco Intersight Virtual Appliance. Vulnerabilities in the web-based management interface allow authenticated, remote attackers to perform path traversal or command injection due to insufficient input validation. Impact per sources: reads/writes of arbitrary files and possib...
CVE-2021-1601
Cisco Intersight Virtual Appliance contains IPv4/IPv6 forwarding vulnerabilities on the external management interface caused by insufficient restrictions on received packets. An unauthenticated, adjacent attacker could reach sensitive internal services and, per the advisory, potentially alter dev...
CVE-2021-1600
CVE-2021-1600 refers to multiple vulnerabilities in Cisco Intersight Virtual Appliance where an unauthenticated, adjacent attacker could access sensitive internal services from an external interface due to insufficient restrictions on IPv4/IPv6 packets received on the external management interfac...