Lucene search
+L
CiscoPrime Service Catalog

16 matches found

CVE
CVE
added 2021/12/10 12:0 a.m.6953 views

CVE-2021-44228

CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...

10CVSS10AI score0.99999EPSS
In wild
CVE
CVE
added 2019/06/20 3:0 a.m.239 views

CVE-2019-1874

CVE-2019-1874 affects Cisco Prime Service Catalog and is a CSRF vulnerability in the web-based management interface caused by insufficient CSRF protection. An unauthenticated, remote attacker could lure a user to a malicious link and perform arbitrary actions with the privileges of the affected u...

8.8CVSS9AI score0.00803EPSS
CVE
CVE
added 2019/06/20 3:0 a.m.209 views

CVE-2019-1875

Cisco Prime Service Catalog’s web-based management interface is vulnerable to cross-site scripting (XSS) due to insufficient validation of user-supplied input. An authenticated, remote attacker can craft strings added to multiple configuration fields to execute arbitrary script code within the in...

4.8CVSS5AI score0.00878EPSS
CVE
CVE
added 2022/02/10 5:6 p.m.86 views

CVE-2022-20680

CVE-2022-20680 affects Cisco Prime Service Catalog. The vulnerability arises from improper enforcement of Administrator privilege levels for low-value sensitive data in the web-based management interface. An attacker with read-only Administrator access can send a crafted HTTP request to the page ...

6.5CVSS5.1AI score0.01084EPSS
CVE
CVE
added 2018/05/02 10:0 p.m.66 views

CVE-2018-0285

CVE-2018-0285 affects Cisco Prime Service Catalog. The issue arises from excessive logging that exhausts disk space, enabling an authenticated, remote attacker to deny service to the user interface. Data from NVD and Cisco advisories confirm the vulnerability is a disk-space exhaustion DoS via lo...

6.5CVSS6.4AI score0.0274EPSS
CVE
CVE
added 2018/02/22 12:0 a.m.62 views

CVE-2018-0200

CVE-2018-0200 affects Cisco Prime Service Catalog (PSC) web-based interface. The issue is a reflected cross-site scripting (XSS) vulnerability caused by insufficient validation of user-supplied input, exploitable by persuading an unauthenticated, remote user to click a crafted link. Successful ex...

6.1CVSS5.9AI score0.01244EPSS
CVE
CVE
added 2017/11/30 9:0 a.m.56 views

CVE-2017-12364

Cisco Prime Service Catalog (PSC) Web Framework contains a SQL Injection flaw where unsanitized user input used in SQL queries allows an unauthenticated remote attacker to read data from database tables. This is detailed in CVE-2017-12364 with Cisco Bug CSCvg30333; related advisories include Cisc...

6.5CVSS6.8AI score0.01301EPSS
CVE
CVE
added 2018/11/08 8:0 p.m.50 views

CVE-2018-15451

CVE-2018-15451 is a cross-site scripting (XSS) vulnerability in the web-based management interface of Cisco Prime Service Catalog. The issue stems from insufficient validation of user-supplied input processed by the interface, allowing an authenticated, remote attacker to lure a user into clickin...

5.4CVSS5.3AI score0.00922EPSS
CVE
CVE
added 2015/06/17 10:0 a.m.48 views

CVE-2015-4190

CVE-2015-4190 affects Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex on Cloud Portal appliances. The root cause is a design flaw/default host keys that enable a man-in-the-middle attack, allowing an unauthenticated remote attacker to modify data during login or data exchange via u...

4.3CVSS6.6AI score0.01331EPSS
CVE
CVE
added 2015/12/12 11:0 a.m.48 views

CVE-2015-6395

CVE-2015-6395 affects Cisco Prime Service Catalog web interface (versions 10.0, 10.0R2, 10.1, 11.0). The vulnerability arises from insufficient access controls on web pages, allowing remote attackers to modify configuration via a direct URL request. Exploitation could enable unauthenticated, remo...

6.5CVSS6.8AI score0.0151EPSS
CVE
CVE
added 2017/03/17 10:0 p.m.48 views

CVE-2017-3866

Cisco Prime Service Catalog exposes a cross-site scripting (XSS) vulnerability in its web framework. An unauthenticated, remote attacker could leverage insufficient input validation of web parameters to execute arbitrary scripts in a user’s browser. Affected release includes 11.1.2. The Cisco adv...

6.1CVSS6AI score0.01228EPSS
CVE
CVE
added 2018/01/18 6:0 a.m.48 views

CVE-2018-0107

Cisco Prime Service Catalog’s web framework contains a CSRF vulnerability (CVE-2018-0107) that could allow an unauthenticated, remote attacker to perform unwanted actions due to missing CSRF protection. The issue is documented across multiple sources (NVD/CVE entry, CNVD, CNVD CISCO advisory), wi...

8.8CVSS8.8AI score0.00831EPSS
CVE
CVE
added 2015/01/28 10:0 p.m.47 views

CVE-2015-0581

The CVE-2015-0581 issue affects Cisco Prime Service Catalog prior to 10.1, where the XML parser is vulnerable to an XML External Entity (XXE) attack. Remote authenticated users can read arbitrary files or trigger a denial of service (CPU/memory consumption) by crafting an external entity declarat...

7.5CVSS6.7AI score0.02371EPSS
CVE
CVE
added 2015/10/30 10:0 a.m.45 views

CVE-2015-6350

The CVE-2015-6350 entry concerns Cisco Prime Service Catalog 11.0, where the WEB framework is vulnerable to SQL injection. The root cause is failed validation of user-supplied input used in SQL queries, enabling remote authenticated users to execute arbitrary SQL commands via unspecified vectors....

6.5CVSS8.2AI score0.01361EPSS
CVE
CVE
added 2017/02/03 7:24 a.m.45 views

CVE-2017-3810

The CVE-2017-3810 issue affects Cisco Prime Service Catalog Web framework. An authenticated, remote attacker could trigger a web URL redirect to a malicious site due to insufficient input validation on URL parameters, enabling phishing-like redirections for users already logged in. Public descrip...

5.4CVSS5.4AI score0.01131EPSS
CVE
CVE
added 2016/07/28 1:0 a.m.39 views

CVE-2016-1462

Cisco Prime Service Catalog (PSC) 11.0 contains a Cross-site scripting (XSS) vulnerability in its web-based management interface, identified as CSCuz63795 (CVE-2016-1462). The issue allows remote attackers to inject arbitrary web script or HTML via a crafted value. The NVD notes a CVSS v2 base sc...

6.1CVSS5.9AI score0.01009EPSS