CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6659
https://notcve.org/view.php?id=CVE-2017-6659
A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvc91800. Known Affected Releases: 11.5(0) 11.6. Una vulnerabilidad en la interfaz de administración basada en web de Prime Collaboration Assurance de Cisco, podría permitir a un atacante remoto no identificado conducir un ataque de tipo cross-site request forgery (CSRF) y realizar acciones arbitrarias en un dispositivo afectado. Más información: CSCvc91800. • http://www.securityfocus.com/bid/98970 http://www.securitytracker.com/id/1038633 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-pca • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2017-3844
https://notcve.org/view.php?id=CVE-2017-3844
A vulnerability in exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files. Affected Products: Cisco Prime Collaboration Assurance software versions 11.0, 11.1, and 11.5 are vulnerable. Cisco Prime Collaboration Assurance software versions prior to 11.0 are not vulnerable. More Information: CSCvc86238. Known Affected Releases: 11.5(0). • http://www.securityfocus.com/bid/96247 http://www.securitytracker.com/id/1037843 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-pcp2 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2017-3845
https://notcve.org/view.php?id=CVE-2017-3845
A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Affected Products: Cisco Prime Collaboration Assurance software versions 11.0, 11.1, and 11.5 are vulnerable. Cisco Prime Collaboration Assurance software versions prior to 11.0 are not vulnerable. More Information: CSCvc77783. Known Affected Releases: 11.5(0). • http://www.securityfocus.com/bid/96245 http://www.securitytracker.com/id/1037844 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-pcp3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2017-3843
https://notcve.org/view.php?id=CVE-2017-3843
A vulnerability in the file download functions for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to download system files that should be restricted. More Information: CSCvc99446. Known Affected Releases: 11.5(0). Una vulnerabilidad en las funciones de descarga de archivos para Cisco Prime Collaboration Assurance podría permitir a un atacante remoto autenticado descargar archivos del sistema que deberían estar restringidos. Más Información: CSCvc99446. • http://www.securityfocus.com/bid/96248 http://www.securitytracker.com/id/1037843 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-pcp1 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-9200
https://notcve.org/view.php?id=CVE-2016-9200
A vulnerability in the web framework code of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface. More Information: CSCut43268. Known Affected Releases: 10.5(1) 10.6. Una vulnerabilidad en el marco de código web de Cisco Prime Collaboration Assurance podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de XSS contra el usuario de la interfaz web. Más Información: CSCut43268. • http://www.securityfocus.com/bid/94806 http://www.securitytracker.com/id/1037414 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-pca • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •