Lucene search
K
CiscoSecure Access Control Server Solution Engine

5 matches found

CVE
CVE
added 2018/03/08 7:0 a.m.65 views

CVE-2018-0218

CVE-2018-0218 affects Cisco Secure Access Control Server (ACS) web UI prior to 5.8 patch 9. The issue arises from improper handling of XML External Entities (XXEs) when parsing XML files, enabling an unauthenticated, remote attacker to read information from the system. Connected sources identify ...

4.3CVSS4.2AI score0.01533EPSS
CVE
CVE
added 2018/10/05 2:0 p.m.53 views

CVE-2018-0414

The CVE-2018-0414 issue affects Cisco Secure Access Control Server (ACS) in its web-based UI. The root cause is incorrect handling of XML External Entities (XXEs) when parsing an XML file, enabling an authenticated, remote attacker to obtain read access to information in the affected system by tr...

5.7CVSS5.4AI score0.01826EPSS
CVE
CVE
added 2015/04/17 1:0 a.m.42 views

CVE-2015-0700

Cisco Secure Access Control Server Solution Engine Dashboard page in the monitoring-and-report section is affected by a CSRF vulnerability (CVE-2015-0700) prior to 5.5(0.46.5). An unauthenticated remote attacker can lure a user to a malicious link to perform actions in the context of that user. R...

6.8CVSS7.4AI score0.01447EPSS
CVE
CVE
added 2018/03/08 7:0 a.m.41 views

CVE-2018-0207

CVE-2018-0207 affects the Cisco Secure Access Control Server web-based UI (pre-5.8 patch 9). It’s an XXE handling flaw in XML parsing that could let an unauthenticated, remote attacker gain read access to certain information by enticing an administrator to import a crafted XML file. Concrete affe...

4.3CVSS4AI score0.01526EPSS
CVE
CVE
added 2013/06/12 1:0 a.m.38 views

CVE-2013-3380

The advisory concerns Cisco Secure Access Control System (ACS) and its administrative web interface. The issue is a failure to properly restrict the report view page, allowing remote authenticated users to view potentially sensitive information via a direct request (Bug ID CSCue79279). Exploitati...

4CVSS5.8AI score0.01332EPSS