Secure Access Control Server Security Vulnerabilities and Issues — Secure Access Control Server CVE List

Lucene search

CiscoSecure Access Control Server

5 matches found

CVE•added 2015/10/30 10:59 a.m.•41 views

CVE-2015-6346

Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3CVSS5.7AI score0.00263EPSS

CVE•added 2015/10/30 10:59 a.m.•39 views

CVE-2015-6345

SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700.

6.5CVSS8AI score0.00311EPSS

CVE•added 2015/10/30 10:59 a.m.•39 views

CVE-2015-6348

The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page.

4CVSS6.4AI score0.00156EPSS

CVE•added 2015/10/30 10:59 a.m.•34 views

CVE-2015-6347

The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page.

4CVSS6.4AI score0.00135EPSS

CVE•added 2015/10/30 10:59 a.m.•34 views

CVE-2015-6349

Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3CVSS5.7AI score0.00263EPSS