16 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2019-1874
CVE-2019-1874 affects Cisco Prime Service Catalog and is a CSRF vulnerability in the web-based management interface caused by insufficient CSRF protection. An unauthenticated, remote attacker could lure a user to a malicious link and perform arbitrary actions with the privileges of the affected u...
CVE-2019-1875
Cisco Prime Service Catalog’s web-based management interface is vulnerable to cross-site scripting (XSS) due to insufficient validation of user-supplied input. An authenticated, remote attacker can craft strings added to multiple configuration fields to execute arbitrary script code within the in...
CVE-2022-20680
CVE-2022-20680 affects Cisco Prime Service Catalog. The vulnerability arises from improper enforcement of Administrator privilege levels for low-value sensitive data in the web-based management interface. An attacker with read-only Administrator access can send a crafted HTTP request to the page ...
CVE-2018-0285
CVE-2018-0285 affects Cisco Prime Service Catalog. The issue arises from excessive logging that exhausts disk space, enabling an authenticated, remote attacker to deny service to the user interface. Data from NVD and Cisco advisories confirm the vulnerability is a disk-space exhaustion DoS via lo...
CVE-2018-0200
CVE-2018-0200 affects Cisco Prime Service Catalog (PSC) web-based interface. The issue is a reflected cross-site scripting (XSS) vulnerability caused by insufficient validation of user-supplied input, exploitable by persuading an unauthenticated, remote user to click a crafted link. Successful ex...
CVE-2017-12364
Cisco Prime Service Catalog (PSC) Web Framework contains a SQL Injection flaw where unsanitized user input used in SQL queries allows an unauthenticated remote attacker to read data from database tables. This is detailed in CVE-2017-12364 with Cisco Bug CSCvg30333; related advisories include Cisc...
CVE-2018-15451
CVE-2018-15451 is a cross-site scripting (XSS) vulnerability in the web-based management interface of Cisco Prime Service Catalog. The issue stems from insufficient validation of user-supplied input processed by the interface, allowing an authenticated, remote attacker to lure a user into clickin...
CVE-2015-4190
CVE-2015-4190 affects Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex on Cloud Portal appliances. The root cause is a design flaw/default host keys that enable a man-in-the-middle attack, allowing an unauthenticated remote attacker to modify data during login or data exchange via u...
CVE-2015-6395
CVE-2015-6395 affects Cisco Prime Service Catalog web interface (versions 10.0, 10.0R2, 10.1, 11.0). The vulnerability arises from insufficient access controls on web pages, allowing remote attackers to modify configuration via a direct URL request. Exploitation could enable unauthenticated, remo...
CVE-2017-3866
Cisco Prime Service Catalog exposes a cross-site scripting (XSS) vulnerability in its web framework. An unauthenticated, remote attacker could leverage insufficient input validation of web parameters to execute arbitrary scripts in a user’s browser. Affected release includes 11.1.2. The Cisco adv...
CVE-2018-0107
Cisco Prime Service Catalog’s web framework contains a CSRF vulnerability (CVE-2018-0107) that could allow an unauthenticated, remote attacker to perform unwanted actions due to missing CSRF protection. The issue is documented across multiple sources (NVD/CVE entry, CNVD, CNVD CISCO advisory), wi...
CVE-2015-0581
The CVE-2015-0581 issue affects Cisco Prime Service Catalog prior to 10.1, where the XML parser is vulnerable to an XML External Entity (XXE) attack. Remote authenticated users can read arbitrary files or trigger a denial of service (CPU/memory consumption) by crafting an external entity declarat...
CVE-2015-6350
The CVE-2015-6350 entry concerns Cisco Prime Service Catalog 11.0, where the WEB framework is vulnerable to SQL injection. The root cause is failed validation of user-supplied input used in SQL queries, enabling remote authenticated users to execute arbitrary SQL commands via unspecified vectors....
CVE-2017-3810
The CVE-2017-3810 issue affects Cisco Prime Service Catalog Web framework. An authenticated, remote attacker could trigger a web URL redirect to a malicious site due to insufficient input validation on URL parameters, enabling phishing-like redirections for users already logged in. Public descrip...
CVE-2016-1462
Cisco Prime Service Catalog (PSC) 11.0 contains a Cross-site scripting (XSS) vulnerability in its web-based management interface, identified as CSCuz63795 (CVE-2016-1462). The issue allows remote attackers to inject arbitrary web script or HTML via a crafted value. The NVD notes a CVSS v2 base sc...