CVE-2018-0149
https://notcve.org/view.php?id=CVE-2018-0149
A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or allow the attacker to access sensitive browser-based information on the affected device. Cisco Bug IDs: CSCvh12994. • http://www.securityfocus.com/bid/104444 http://www.securitytracker.com/id/1041072 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucsdimcs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-6399
https://notcve.org/view.php?id=CVE-2015-6399
The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted parameters in an HTTP request, aka Bug ID CSCuv38286. El Supervisor 1.0.0.0 y 1.0.0.1 en Cisco Integrated Management Controller (IMC) en versiones anteriores a 2.0(9) permite a usuarios remotos autenticados causar una denegación de servicio (interrupción de interfaz IP) a través de parámetros manipulados en una petición HTTP, también conocido como Bug ID CSCuv38286. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-imc http://www.securityfocus.com/bid/108851 http://www.securityfocus.com/bid/79031 http://www.securitytracker.com/id/1038475 • CWE-399: Resource Management Errors •
CVE-2015-6259
https://notcve.org/view.php?id=CVE-2015-6259
The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625. Vulnerabilidad en el componente JavaServer Pages (JSP) en Cisco Integrated Management Controller (IMC) Supervisor en versiones anteriores a 1.0.0.1 y UCS Director (anteriormente Cloupia Unified Infrastructure Controller) en versiones anteriores a 5.2.0.1, permite a atacantes remotos escribir en archivos arbitrarios a través de peticiones HTTP manipuladas, también conocida como Bug IDs CSCus36435 y CSCus62625. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs http://www.securitytracker.com/id/1033451 • CWE-20: Improper Input Validation •