4 matches found
CVE-2006-3733
The CVE describes a vulnerability in CS-MARS where jmx-console/HtmlAdaptor in the JBoss web server allows a remote attacker to gain CS-MARS administrator privileges and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name. Affected product is Cisco CS-M...
CVE-2013-5563
CVE-2013-5563 is a cross-site scripting (XSS) vulnerability in Cisco Security Monitoring, Analysis and Response System (CS-MARS). The issue arises because input passed to Query/NewQueryResult.jsp (notably the isnowLatency parameter) is not properly sanitized, allowing an attacker to inject arbitr...
CVE-2007-0397
The CVE-2007-0397 issue affects Cisco CS-MARS (before 4.2.3) and ASDM (before 5.2(2.54)); both do not validate SSL/TLS certificates or SSH public keys when connecting to devices, enabling remote spoofing to obtain sensitive info or present false data. Cisco’s advisory notes that updated software ...
CVE-2013-1140
The vulnerability CVE-2013-1140 affects Cisco’s Security Monitoring, Analysis, and Response System (MARS). It stems from improper handling of XML External Entity (XXE) in the XML parser, allowing unauthenticated, remote attackers to read arbitrary files via an external entity declaration and an e...