
CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_xss1
• http://www.securitytracker.com/id/1033968
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page.
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac1
• http://www.securitytracker.com/id/1033970
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700.
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs
• http://www.securitytracker.com/id/1033967
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page.
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac
• http://www.securitytracker.com/id/1033971
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_xss
• http://www.securitytracker.com/id/1033969
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')