NotCVE - vendor:"Cisco" product:"Unified Computing System"

Page 15 of 150 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-3868

https://notcve.org/view.php?id=CVE-2017-3868

A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc44344. Known Affected Releases: 6.0(0.0). Una vulnerabilidad en la interfaz de administración basada en web de Cisco UCS Director podría permitir que un atacante remoto no autenticado lleve a cabo un ataque XSS contra un usuario de la interfaz de administración basada en web de un dispositivo afectado. Más información: CSCvc44344. • http://www.securityfocus.com/bid/96921 http://www.securitytracker.com/id/1038039 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2017-3801

https://notcve.org/view.php?id=CVE-2017-3801

A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. The vulnerability is due to improper role-based access control (RBAC) after the Developer Menu is enabled in Cisco UCS Director. An attacker could exploit this vulnerability by enabling Developer Mode for his/her user profile with an end-user profile and then adding new catalogs with arbitrary workflow items to his/her profile. An exploit could allow an attacker to perform any actions defined by these workflow items, including actions affecting other tenants. Cisco Bug IDs: CSCvb64765. • http://www.securityfocus.com/bid/96235 http://www.securitytracker.com/id/1037830 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ucs • CWE-264: Permissions, Privileges, and Access Controls CWE-863: Incorrect Authorization •

CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0

CVE-2016-6402

https://notcve.org/view.php?id=CVE-2016-6402

UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.0(2d) allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263. UCS Manager y UCS 6200 Fabric Interconnects en Cisco Unified Computing System (UCS) hasta la versión 3.0(2d) permiten a usuarios locales obtener acceso root del SO a través de una entrada CLI manipulada, vulnerabilidad también conocida como Bug ID CSCuz91263. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-ucs http://www.securityfocus.com/bid/92956 http://www.securitytracker.com/id/1036831 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-1374

https://notcve.org/view.php?id=CVE-2016-1374

The web framework in Cisco Unified Computing System (UCS) Performance Manager 2.0.0 and earlier allows remote authenticated users to execute arbitrary commands via crafted parameters in a GET request, aka Bug ID CSCuy07827. El framework web en Cisco Unified Computing System (UCS) Performance Manager 2.0.0 y versiones anteriores permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de parámetros manipulados en una petición GET, también conocido como Bug ID CSCuy07827. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160720-ucsperf http://www.securityfocus.com/bid/92044 http://www.securitytracker.com/id/1036410 • CWE-20: Improper Input Validation •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-1401

https://notcve.org/view.php?id=CVE-2016-1401

Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250. Vulnerabilidad de XSS en la interfaz de administración en Cisco Unified Computing System (UCS) Central Software 1.4(1a) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un valor manipulado, también conocida como Bug ID CSCuy91250. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ucs http://www.securitytracker.com/id/1035933 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1...13 14 15 16 17