Page 2 of 42 results (0.013 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la interfaz web en el Solution Engine en Cisco Secure Access Control Server (ACS) 5.7(0.15) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_xss1 http://www.securitytracker.com/id/1033968 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page. La interfaz web de generación de reporte en el Solution Engine en Cisco Secure Access Control Server (ACS) 5.7(0.15) permite a usuarios remotos autenticados eludir las restricciones de RBAC, y leer reportes o información de estado, visitando una página web no especificada. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac1 http://www.securitytracker.com/id/1033970 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700. Vulnerabilidad de inyeción SQL en el Solution Engine en Cisco Secure Access Control Server (ACS) 5.7(0.15) permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de una URL manipulada, también conocida como Bug ID CSCuw24700. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs http://www.securitytracker.com/id/1033967 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page. El Solution Engine en Cisco Secure Access Control Server (ACS) 5.7(0.15) permite a usuarios remotos autenticados eludir las restricciones destinadas a RBAC, y crear un cuadro de mandos o un portlet, visitando una página web no especificada. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac http://www.securitytracker.com/id/1033971 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en Cisco Secure Access Control Server (ACS) 5.7(0.15) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_xss http://www.securitytracker.com/id/1033969 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •