CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6705
https://notcve.org/view.php?id=CVE-2017-6705
04 Jul 2017 — A vulnerability in the filesystem of the Cisco Prime Collaboration Provisioning tool could allow an authenticated, local attacker to acquire sensitive information. More Information: CSCvc82973. Known Affected Releases: 12.1. Una vulnerabilidad en el sistema de archivos de la herramienta Prime Collaboration Provisioning de Cisco, podría permitir a un atacante local identificado adquirir información confidencial. Más información: CSCvc82973. • http://www.securityfocus.com/bid/99206 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-6706
https://notcve.org/view.php?id=CVE-2017-6706
04 Jul 2017 — A vulnerability in the logging subsystem of the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, local attacker to acquire sensitive information. More Information: CSCvd07260. Known Affected Releases: 12.1. Una vulnerabilidad en el subsistema de registro de la herramienta Prime Collaboration Provisioning de Cisco, podría permitir a un atacante local no identificado adquirir información confidencial. Más información: CSCvd07260. • http://www.securityfocus.com/bid/99204 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2017-6637 – Cisco Prime Collaboration Provisioning logconfigtracer Directory Traversal Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2017-6637
22 May 2017 — A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques... • http://www.securityfocus.com/bid/98530 • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 5%CPEs: 10EXPL: 0CVE-2017-6635 – Cisco Prime Collaboration Provisioning licensestatus Directory Traversal Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2017-6635
22 May 2017 — A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 12.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques... • http://www.securityfocus.com/bid/98535 • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 2%CPEs: 8EXPL: 0CVE-2017-6636 – Cisco Prime Collaboration Provisioning Logs Directory Improper Access Control Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-6636
22 May 2017 — A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to ... • http://www.securityfocus.com/bid/98526 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 64%CPEs: 10EXPL: 2CVE-2017-6622 – Cisco Prime Collaboration Provisioning ScriptMgr Servlet Authentication Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-6622
18 May 2017 — A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. This vulnerability affects Cisco Prime Collaboration... • https://packetstorm.news/files/id/144420 • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 20%CPEs: 10EXPL: 0CVE-2017-6621 – Cisco Prime Collaboration Provisioning logconfigtracer Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-6621
18 May 2017 — A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to insufficient protection of sensitive data when responding to an HTTP request on the web interface. An attacker could exploit the vulnerability by sending a crafted HTTP request to the application to access specific system files. An exploit could... • http://www.securityfocus.com/bid/98522 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6451
https://notcve.org/view.php?id=CVE-2016-6451
03 Nov 2016 — Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCut43061 CSCut43066 CSCut43736 CSCut43738 CSCut43741 CSCut43745 CSCut43748 CSCut43751 CSCut43756 CSCut43759 CSCut43764 CSCut43766. Known Affected Releases: 10.6. Múltiples vulnerabilidades en el código de marco de referencia web de Cisco ... • http://www.securityfocus.com/bid/93917 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1416
https://notcve.org/view.php?id=CVE-2016-1416
02 Jul 2016 — Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID CSCuv37513. Cisco Prime Collaboration Provisioning 10.6 SP2 (también conocido como 10.6.0.10602) no maneja adecuadamente la autentificación LDAP, lo que permite obtener privilegios de administrador a atacantes remotos a través de un intento de inicio de sesión manipulado, también conocido como Bug ID CSCuv3... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-cpcpauthbypass • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6329
https://notcve.org/view.php?id=CVE-2015-6329
12 Oct 2015 — SQL injection vulnerability in Cisco Prime Collaboration Provisioning 10.6 and 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut64074. Vulnerabilidad de inyección SQL en Cisco Prime Collaboration Provisioning 10.6 y 11.0 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados, también conocido como Bug ID CSCut64074. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pcp • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •