CVE-2017-6621 – Cisco Prime Collaboration Provisioning logconfigtracer Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-6621
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to insufficient protection of sensitive data when responding to an HTTP request on the web interface. An attacker could exploit the vulnerability by sending a crafted HTTP request to the application to access specific system files. An exploit could allow the attacker to obtain sensitive information about the application which could include user credentials. • http://www.securityfocus.com/bid/98522 http://www.securitytracker.com/id/1038508 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-6622 – Cisco Prime Collaboration Provisioning ScriptMgr Servlet Authentication Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-6622
A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.1. Cisco Bug IDs: CSCvc98724. • https://www.exploit-db.com/exploits/42888 http://www.securityfocus.com/bid/98520 http://www.securitytracker.com/id/1038507 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp1 • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVE-2016-1416
https://notcve.org/view.php?id=CVE-2016-1416
Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID CSCuv37513. Cisco Prime Collaboration Provisioning 10.6 SP2 (también conocido como 10.6.0.10602) no maneja adecuadamente la autentificación LDAP, lo que permite obtener privilegios de administrador a atacantes remotos a través de un intento de inicio de sesión manipulado, también conocido como Bug ID CSCuv37513. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-cpcpauthbypass http://www.securityfocus.com/bid/91505 http://www.securitytracker.com/id/1036212 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-6329
https://notcve.org/view.php?id=CVE-2015-6329
SQL injection vulnerability in Cisco Prime Collaboration Provisioning 10.6 and 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut64074. Vulnerabilidad de inyección SQL en Cisco Prime Collaboration Provisioning 10.6 y 11.0 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados, también conocido como Bug ID CSCut64074. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pcp http://www.securitytracker.com/id/1033783 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •