Secure Access Control Server Security Vulnerabilities and Issues — Secure Access Control Server CVE List

Lucene search

CiscoSecure Access Control Server

3 matches found

CVE•added 2006/06/21 1:2 a.m.•137 views

CVE-2006-3101

Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters.

4.3CVSS5.7AI score0.25627EPSS

CVE•added 2006/06/26 4:5 p.m.•37 views

CVE-2006-3226

Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulne...

7.5CVSS7.4AI score0.01898EPSS

CVE•added 2006/05/10 2:14 a.m.•31 views

CVE-2006-0561

Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaint...

7.2CVSS6.4AI score0.00049EPSS