5 matches found
CVE-2018-0218
CVE-2018-0218 affects Cisco Secure Access Control Server (ACS) web UI prior to 5.8 patch 9. The issue arises from improper handling of XML External Entities (XXEs) when parsing XML files, enabling an unauthenticated, remote attacker to read information from the system. Connected sources identify ...
CVE-2018-0414
The CVE-2018-0414 issue affects Cisco Secure Access Control Server (ACS) in its web-based UI. The root cause is incorrect handling of XML External Entities (XXEs) when parsing an XML file, enabling an authenticated, remote attacker to obtain read access to information in the affected system by tr...
CVE-2015-0700
Cisco Secure Access Control Server Solution Engine Dashboard page in the monitoring-and-report section is affected by a CSRF vulnerability (CVE-2015-0700) prior to 5.5(0.46.5). An unauthenticated remote attacker can lure a user to a malicious link to perform actions in the context of that user. R...
CVE-2018-0207
CVE-2018-0207 affects the Cisco Secure Access Control Server web-based UI (pre-5.8 patch 9). It’s an XXE handling flaw in XML parsing that could let an unauthenticated, remote attacker gain read access to certain information by enticing an administrator to import a crafted XML file. Concrete affe...
CVE-2013-3380
The advisory concerns Cisco Secure Access Control System (ACS) and its administrative web interface. The issue is a failure to properly restrict the report view page, allowing remote authenticated users to view potentially sensitive information via a direct request (Bug ID CSCue79279). Exploitati...