Lucene search
Cisco Security Manager

30 matches found

CVE
added 2019/06/20 3:10 a.m., 194 views

CVE-2019-1903

CVE-2019-1903 affects Cisco Security Manager and is caused by improper restriction of XML entities, enabling XML External Entity (XXE) injection. An unauthenticated remote attacker can submit malicious XML to read local files (information disclosure) or exhaust resources (DoS). Exploitation is de...

CVSS 9.1, AI score 7.2, EPSS 0.02167
CVE
added 2022/01/14 5:1 a.m., 150 views

CVE-2022-20647

Cisco Security Manager’s web-based management interface contains cross-site scripting vulnerabilities caused by insufficient input validation. An unauthenticated, remote attacker could lure a user to click a crafted link to execute arbitrary script code within the interface or access browser-base...

CVSS 6.1, AI score 6.2, EPSS 0.00759
CVE
added 2020/11/17 3:10 a.m., 138 views

CVE-2020-27130

Cisco Security Manager (CSM) contains a path-traversal vulnerability (CVE-2020-27130) that allows an unauthenticated, remote attacker to download arbitrary files from an affected device. The root cause is improper validation of directory traversal sequences in requests to CSM, enabling crafted re...

CVSS 9.1, AI score 9.2, EPSS 0.65907
CVE
added 2020/11/17 3:10 a.m., 123 views

CVE-2020-27125

CVE-2020-27125 concerns Cisco Security Manager, where insufficient protection of static credentials allowed unauthenticated, remote access to sensitive information by viewing source code. Connected documents confirm affected versions are prior to 4.22 and indicate Cisco released fixes in Release ...

CVSS 9.8, AI score 8.4, EPSS 0.01712
CVE
added 2022/01/14 5:5 a.m., 123 views

CVE-2022-20635

CVE-2022-20635 refers to multiple cross-site scripting vulnerabilities in the web-based management interface of Cisco Security Manager. The flaws arise from insufficient validation of user-supplied input, allowing an unauthenticated, remote attacker to persuade a user to click a crafted link and ...

CVSS 6.1, AI score 6.2, EPSS 0.00759
CVE
added 2022/01/14 5:0 a.m., 113 views

CVE-2022-20641

CVE-2022-20641 affects Cisco Security Manager’s web-based management interface. The vulnerabilities stem from insufficient input validation, enabling an unauthenticated attacker to perform cross-site scripting by tricking a user into clicking a crafted link. Impact described: execution of arbitra...

CVSS 6.1, AI score 6.2, EPSS 0.00759
CVE
added 2020/11/17 3:10 a.m., 111 views

CVE-2020-27131

Cisco Security Manager is affected by CVE-2020-27131 due to insecure Java deserialization of user-supplied content. An unauthenticated, remote attacker can send a malicious serialized Java object to a specific listener and execute arbitrary commands on the target device with SYSTEM privileges on ...

CVSS 10, AI score 9.5, EPSS 0.87719
CVE
added 2022/01/14 5:0 a.m., 111 views

CVE-2022-20642

CVE-2022-20642 refers to multiple cross-site scripting vulnerabilities in Cisco Security Manager’s Web-based management interface. The root cause is insufficient validation/handling of user-supplied input, allowing an unauthenticated, remote attacker to lure a user into clicking a crafted link an...

CVSS 6.1, AI score 6.2, EPSS 0.00759
CVE
added 2022/01/14 5:5 a.m., 94 views

CVE-2022-20637

CVE-2022-20637 affects Cisco Security Manager web-based management interface. Multiple cross-site scripting vulnerabilities arise from insufficient validation of user-supplied input. An unauthenticated, remote attacker could entice a user to click a crafted link, potentially allowing execution of...

CVSS 6.1, AI score 6.2, EPSS 0.00759
CVE
added 2022/01/14 5:1 a.m., 93 views

CVE-2022-20645

CVE-2022-20645 concerns Cisco Security Manager. The issue is cross-site scripting via the web-based management interface caused by inadequate input validation. An unauthenticated, remote attacker can lure a user to click a crafted link to execute arbitrary script code in the interface context or ...

CVSS 6.1, AI score 6.2, EPSS 0.00759
CVE
added 2022/01/14 5:0 a.m., 89 views

CVE-2022-20643

CVE-2022-20643 involves multiple cross-site scripting vulnerabilities in Cisco Security Manager’s web-based management interface, caused by insufficient validation of user input. An unauthenticated, remote attacker could lure a user into clicking a crafted link to execute arbitrary script code in...

CVSS 6.1, AI score 6.2, EPSS 0.00759
CVE
added 2022/01/14 5:5 a.m., 84 views

CVE-2022-20638

CVE-2022-20638 affects the web-based management interface of Cisco Security Manager. The issue is cross-site scripting due to insufficient validation of user-supplied input, allowing an unauthenticated, remote attacker to induce a user to click a crafted link and potentially execute arbitrary scr...

CVSS 6.1, AI score 6.2, EPSS 0.00759
CVE
added 2022/01/14 5:0 a.m., 79 views

CVE-2022-20644

CVE-2022-20644 refers to multiple cross-site scripting vulnerabilities in Cisco Security Manager’s web-based management interface. Root cause: insufficient validation of user-supplied input. Exploitation requires convincing a user to click a crafted link, enabling an unauthenticated, remote attac...

CVSS 6.1, AI score 6.2, EPSS 0.00759
CVE
added 2022/01/14 5:5 a.m., 76 views

CVE-2022-20639

Cisco Security Manager’s web-based management interface contains cross-site scripting vulnerabilities due to insufficient input validation. An unauthenticated remote attacker could lure a user to click a crafted link to execute arbitrary script code in the interface’s context or access browser-ba...

CVSS 6.1, AI score 6.2, EPSS 0.00759
CVE
added 2019/10/02 6:15 p.m., 72 views

CVE-2019-12630

Cisco Security Manager (CSM) is affected by CVE-2019-12630 due to insecure Java deserialization, enabling unauthenticated remote command execution via a malicious serialized object sent to a listener. The vulnerability permits execution of arbitrary commands on the device with casuser privileges....

CVSS 9.8, AI score 8.5, EPSS 0.65846
CVE
added 2022/01/14 5:1 a.m., 69 views

CVE-2022-20646

Cisco Security Manager’s web-based management interface contains cross-site scripting vulnerabilities due to insufficient input validation. An unauthenticated, remote attacker could persuade a user to click a crafted link and potentially execute arbitrary script code within the interface or acces...

CVSS 6.1, AI score 6.2, EPSS 0.00759
CVE
added 2022/01/14 5:5 a.m., 66 views

CVE-2022-20636

Multiple cross-site scripting vulnerabilities affect the web-based management interface of Cisco Security Manager (CSM). The issues arise from insufficient input validation, allowing an unauthenticated, remote attacker to lure a user into clicking a crafted link and execute arbitrary script code ...

CVSS 6.1, AI score 6.2, EPSS 0.00759
CVE
added 2009/05/21 2:0 p.m., 64 views

CVE-2009-1161

CVE-2009-1161 describes a directory traversal vulnerability in CiscoWorks Common Services (CWCS) 3.0.x–3.2.x on Windows when the TFTP service is enabled. An unauthenticated remote attacker could access arbitrary files via CWCS TFTP, affecting multiple Cisco products that rely on CWCS (e.g., Unifi...

CVSS 10, AI score 6.8, EPSS 0.12546
CVE
added 2022/01/14 5:0 a.m., 62 views

CVE-2022-20640

CVE-2022-20640 affects Cisco Security Manager’s web-based management interface. The issue is cross-site scripting due to insufficient validation of user input, allowing unauthenticated attackers to entice users to click a crafted link and potentially execute arbitrary script code or access browse...

CVSS 6.1, AI score 6.2, EPSS 0.00759
CVE
added 2009/01/22 6:0 p.m., 60 views

CVE-2008-3820

Cisco Security Manager 3.1 and 3.2 (prior to 3.2.2) is affected. When Cisco IPS Event Viewer (IEV) is launched, the server and client open remotely accessible TCP ports for the MySQL/IEV services, allowing unauthenticated remote access to the IEV database and server and potentially root-level ope...

CVSS 6.8, AI score 6.6, EPSS 0.01379
CVE
added 2015/05/15 1:0 a.m., 54 views

CVE-2015-0727

CVE-2015-0727 is an XSS vulnerability in the HTTP module of Cisco Security Manager (CSM) 4.7(0)SP1(1). The root cause is insufficient validation of user-supplied input in the vulnerable web interface, enabling remote attackers to inject arbitrary script or HTML via a crafted URL (Bug CSCut27789)....

CVSS 4.3, AI score 5.8, EPSS 0.01546
CVE
added 2018/03/08 7:0 a.m., 48 views

CVE-2018-0223

Cisco Security Manager is affected by CVE-2018-0223 due to a reflected cross-site scripting (XSS) flaw in the DesktopServlet of the web-based management interface. The issue arises from insufficient validation of input, enabling an unauthenticated, remote attacker to entice a user to click a craf...

CVSS 6.1, AI score 5.9, EPSS 0.01783
CVE
added 2014/04/02 1:0 a.m., 47 views

CVE-2014-2138

CVE-2014-2138 affects Cisco Security Manager (web framework) prior to 4.2. The issue is a CRLF injection via a crafted URL that allows remote attackers to inject arbitrary HTTP headers and perform web-page redirection to a malicious site. Root cause is insufficient validation of user input before...

CVSS 4.3, AI score 7.1, EPSS 0.00947
CVE
added 2014/05/23 10:0 p.m., 47 views

CVE-2014-3267

CVE-2014-3267 is a CSRF vulnerability in Cisco Security Manager’s web framework (4.6 and earlier) that lets an unauthenticated, remote attacker perform actions in the context of an authenticated user by crafting requests that make unspecified changes. The issue arises from insufficient CSRF prote...

CVSS 6.8, AI score 7.5, EPSS 0.01214
CVE
added 2015/02/27 2:0 a.m., 47 views

CVE-2015-0594

Cisco Common Services (used by Cisco Prime LAN Management Solution and Cisco Security Manager) contains cross-site scripting (XSS) vulnerabilities in the help pages. The root cause is insufficient input validation of some parameters used by the help page system, allowing remote attackers to trigg...

CVSS 4.3, AI score 5.9, EPSS 0.01792
CVE
added 2010/10/29 6:0 p.m., 46 views

CVE-2010-3036

CiscoWorks Common Services web server module contains multiple buffer overflows in the Cisco-developed authentication code, enabling remote, unauthenticated code execution with system administrator privileges via sessions on TCP ports 443 or 1741. Affected: CiscoWorks Common Services prior to ver...

CVSS 10, AI score 8.1, EPSS 0.05992
CVE
added 2013/09/12 1:0 a.m., 45 views

CVE-2013-5488

Cisco Common Services (used in Cisco Prime LMS, Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager) fails to properly interact with ActiveMQ, allowing an unauthenticated remote attacker to cause memory-based DoS by opening multiple concurrent TCP sessions....

CVSS 5, AI score 6.8, EPSS 0.0157
CVE
added 2014/05/20 10:0 a.m., 44 views

CVE-2014-3265

CVE-2014-3265 describes a cross-site scripting (XSS) vulnerability in the Auto Update Server (AUS) web framework used by Cisco Security Manager (CSM) 4.2 and earlier. The root cause is insufficient input validation of a parameter within the AUS web framework, enabling remote attackers to inject a...

CVSS 4.3, AI score 5.9, EPSS 0.01372
CVE
added 2014/07/26 10:0 a.m., 44 views

CVE-2014-3326

CVE-2014-3326 affects Cisco Security Manager 4.5 and 4.6. The issue is an SQL injection in the web framework caused by insufficient controls on SQL statements, allowing an authenticated remote attacker to execute arbitrary SQL commands via unspecified vectors. The vulnerability can lead to exposu...

CVSS 6.5, AI score 8.2, EPSS 0.02059
CVE
added 2014/05/23 10:0 p.m., 36 views

CVE-2014-3266

Cisco Security Manager 4.6 and earlier versions are affected by a cross-site scripting (XSS) vulnerability in the web framework due to insufficient input validation of a parameter, allowing remote attackers to inject arbitrary web script or HTML. Exploitation details are not publicly documented i...

CVSS 4.3, AI score 5.9, EPSS 0.01161