CVSS: 6.5EPSS: 0%CPEs: 37EXPL: 0CVE-2024-20345
https://notcve.org/view.php?id=CVE-2024-20345
A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device. Una vulnerabilidad en la funcionalidad de carga de archivos de Cisco AppDynamics Controller podría permitir que un atacante remoto autenticado realice ataques de directory traversal en un dispositivo afectado. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-traversal-m7N8mZpF • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-26: Path Traversal: '/dir/../filename' •
CVSS: 5.4EPSS: 0%CPEs: 37EXPL: 0CVE-2024-20346
https://notcve.org/view.php?id=CVE-2024-20346
A vulnerability in the web-based management interface of Cisco AppDynamics Controller could allow an authenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Una vulnerabilidad en la interfaz de administración basada en web de Cisco AppDynamics Controller podría permitir que un atacante remoto autenticado realice un ataque de Cross-Site Scripting (XSS) reflejado contra un usuario de la interfaz de un dispositivo afectado. Esta vulnerabilidad se debe a una validación insuficiente de la entrada proporcionada por el usuario por parte de la interfaz de administración basada en web. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-xss-3JwqSMNT • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2023-20274
https://notcve.org/view.php?id=CVE-2023-20274
A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An attacker could exploit this vulnerability by modifying objects in the PHP Agent install directory, which would run with the same privileges as PHP. A successful exploit could allow a lower-privileged attacker to elevate their privileges to root on an affected device. Una vulnerabilidad en el script de instalación de Cisco AppDynamics PHP Agent podría permitir que un atacante local autenticado eleve los privilegios en un dispositivo afectado. Esta vulnerabilidad se debe a permisos insuficientes establecidos por el instalador del Agente PHP en el directorio de instalación del Agente PHP. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-php-authpriv-gEBwTvu5 • CWE-269: Improper Privilege Management •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20736 – Cisco AppDynamics Controller Authorization Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-20736
A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access. This vulnerability is due to improper authorization checking for HTTP requests that are submitted to the affected web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected instance of AppDynamics Controller. A successful exploit could allow the attacker to access the login page for an administrative console. AppDynamics has released software updates that address this vulnerability. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-contrl-athzn-bp-BLypgsbu • CWE-862: Missing Authorization CWE-939: Improper Authorization in Handler for Custom URL Scheme •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-34745 – AppDynamics .NET Agent Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-34745
A vulnerability in the AppDynamics .NET Agent for Windows could allow an attacker to leverage an authenticated, local user account to gain SYSTEM privileges. This vulnerability is due to the .NET Agent Coordinator Service executing code with SYSTEM privileges. An attacker with local access to a device that is running the vulnerable agent could create a custom process that would be launched with those SYSTEM privileges. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system. This vulnerability is fixed in AppDynamics .NET Agent Release 21.7. • https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+AppDynamics+.NET+Agent+Privilege+Escalation+Vulnerability • CWE-269: Improper Privilege Management •