26 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2019-1937
CVE-2019-1937 affects Cisco UCS Director/UCS Director Express for Big Data and IMC Supervisor via an authentication bypass in the web-based management interface caused by insufficient request header validation. An unauthenticated remote attacker could obtain a valid administrator session token an...
CVE-2019-1936
CVE-2019-1936 is a command-injection vulnerability in the web-based management interface of Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data. It stems from insufficient input validation and, per Cisco’s advisory, can be exploited by an authenticated administra...
CVE-2019-1935
CVE-2019-1935 affects Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data. The issue stems from a documented default account (scpuser) with an undocumented default password and improper permission settings, not enforced during installation. An unauthenticated, re...
CVE-2019-16003
CVE-2019-16003 affects Cisco UCS Director Web-based management interface. A flaw in the authentication logic could allow an unauthenticated, remote attacker to download system log files generated by an administrator by sending a crafted request to the web interface. The vulnerability stems from h...
CVE-2020-3243
CVE-2020-3243 relates to Cisco UCS Director and Cisco UCS Director Express for Big Data REST API vulnerabilities that may allow a remote attacker to bypass authentication or perform directory traversal on affected devices. According to NVD, CVSSv3 base score is 9.8 (CRITICAL) with network attack ...
CVE-2020-3250
Cisco UCS Director and Cisco UCS Director Express for Big Data have REST API vulnerabilities that may allow remote attackers to bypass authentication and perform directory traversal on affected devices. The common root cause cited is insufficient access control validation and improper input handl...
CVE-2022-20765
Cisco UCS Director web applications are vulnerable to Cross-Site Scripting (XSS) due to unsanitized user input. An authenticated, remote attacker could submit crafted JavaScript, potentially rewriting page content, accessing sensitive information stored in the apps, and altering form data. A Cisc...
CVE-2020-3242
CVE-2020-3242 – Cisco UCS Director Information Disclosure : A vulnerability in the REST API could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device. The issue arises because confidential information is returned as par...
CVE-2020-3239
CVE-2020-3239 affects Cisco UCS Director and Cisco UCS Director Express for Big Data. The REST API has multiple vulnerabilities that may allow a remote attacker to bypass authentication or perform directory traversal on an affected device. Exploitation is remote and network-driven, tied to REST A...
CVE-2020-3240
CVE-2020-3240 affects Cisco UCS Director and Cisco UCS Director Express for Big Data REST API. The advisory and third-party writeups confirm multiple vulnerabilities in the REST API that may allow a remote attacker to bypass authentication or perform directory traversal. The root cause involves i...
CVE-2020-3248
Cisco UCS Director and Cisco UCS Director Express for Big Data expose multiple REST API vulnerabilities (CVE-2020-3248 and related CVEs) that may allow a remote attacker to bypass authentication or perform directory traversal. Root cause: insufficient validation of user input in REST API paths (e...
CVE-2020-3251
Cisco UCS Director and Cisco UCS Director Express for Big Data contain multiple REST API vulnerabilities (CVE-2020-3251) that may allow a remote attacker to bypass authentication or perform directory traversal due to insufficient input validation in the REST API, including the MyCallable class. A...
CVE-2019-1974
CVE-2019-1974 affects Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data. The root cause is insufficient validation of request headers during authentication in the web-based management interface, allowing an unauthenticated, remote attacker to bypass login and g...
CVE-2020-3241
CVE-2020-3241. A path-traversal vulnerability in Cisco UCS Director’s orchestration tasks arises from insufficient validation of user-supplied input on the web-based management interface. An authenticated, remote attacker could craft a task with specific configuration parameters to overwrite arbi...
CVE-2020-3249
Cisco UCS Director and Cisco UCS Director Express for Big Data REST API vulnerabilities (CVE-2020-3249 and related CVEs) allow remote attackers to bypass authentication or perform directory traversal due to insufficient input validation in REST endpoints. Connected advisories pin the root cause t...
CVE-2020-3247
CVE-2020-3247 affects Cisco UCS Director and Cisco UCS Director Express for Big Data REST API. The issues stem from insufficient input validation in the REST API (and related file upload handling), enabling remote attackers to bypass authentication or perform directory traversal on affected devic...
CVE-2020-3464
CVE-2020-3464 affects Cisco UCS Director web UI via stored XSS due to improper input validation. The issue requires authenticated, administrative access to exploit, enabling arbitrary script execution or access to browser data in the affected session. Multiple connected records confirm: (1) vulne...
CVE-2018-15405
CVE-2018-15405 affects Cisco IMC Supervisor and Cisco UCS Director web interfaces. The root cause is an authorization check that fails to include the user’s access level, allowing an authenticated attacker with valid credentials to send crafted HTTP requests and view sensitive information belongi...
CVE-2020-3252
CVE-2020-3252 covers multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data. The issues enable remote attackers to bypass authentication or perform directory traversal due to insufficient access validation and input validation in REST API endpoi...
CVE-2019-1938
The CVE-2019-1938 issue affects Cisco UCS Director and Cisco UCS Director Express for Big Data, via an authentication bypass in the web-based management interface caused by improper handling of authentication requests. A remote, unauthenticated attacker could bypass authentication and perform adm...
CVE-2020-3329
Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data are affected by a role-based access control vulnerability. Root cause: incorrect allocation of the enable/disable action button in the RBAC code, allowing a read-only authenticated attacker to update other users...
CVE-2019-12634
Cisco CVE-2019-12634 affects the web-based management interfaces for IMC Supervisor, Cisco UCS Director, and UCS Director Express for Big Data. The root cause is a missing authentication check in an API call, allowing an unauthenticated, remote attacker to log off all currently authenticated user...
CVE-2018-0148
CVE-2018-0148 affects Cisco UCS Director Software and Cisco IMC Supervisor Software, where the web-based management interface is vulnerable to cross-site request forgery (CSRF). An unauthenticated, remote attacker can induce an authenticated user to click a malicious link, enabling arbitrary acti...
CVE-2018-15406
Cisco UCS Director Web Management Interface is affected by CVE-2018-15406, a stored XSS due to insufficient input validation. An unauthenticated, remote attacker could lure a user into clicking a malicious link, enabling execution of arbitrary script code in the interface context or exposure of b...
CVE-2014-0709
Cisco UCS Director (formerly Cloupia) before 4.0.0.3 uses a hardcoded root password, enabling unauthenticated remote login via the CLI and full admin access over SSH. This mode of exploitation is documented across multiple sources (Cisco advisory CSCui73930/Cisco-SA-2014-0219-ucsd). Affected vers...