
CVSS: 7.8 • EPSS: 3% • CPEs: 10 • EXPL: 0

18 May 2017 — A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to insufficient protection of sensitive data when responding to an HTTP request on the web interface. An attacker could exploit the vulnerability by sending a crafted HTTP request to the application to access specific system files. An exploit could... • http://www.securityfocus.com/bid/98522 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 10.0 • EPSS: 77% • CPEs: 10 • EXPL: 2

18 May 2017 — A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. This vulnerability affects Cisco Prime Collaboration... • https://packetstorm.news/files/id/144420 • CWE-264: Permissions, Privileges, and Access Controls • CWE-862: Missing Authorization •

CVSS: 4.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

22 Feb 2017 — A vulnerability in the file download functions for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to download system files that should be restricted. More Information: CSCvc99446. Known Affected Releases: 11.5(0). • http://www.securityfocus.com/bid/96248 • CWE-20: Improper Input Validation •

CVSS: 4.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

22 Feb 2017 — A vulnerability in exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files. Affected Products: Cisco Prime Collaboration Assurance software versions 11.0, 11.1, and 11.5 are vulnerable. Cisco Prime Collaboration Assurance software versions prior to 11.0 are not vulnerable. More Information: CSCvc86238. Known Affected Releases: 11.5(0). • http://www.securityfocus.com/bid/96247 • CWE-20: Improper Input Validation •

CVSS: 6.1 • EPSS: 0% • CPEs: 3 • EXPL: 0

22 Feb 2017 — A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Affected Products: Cisco Prime Collaboration Assurance software versions 11.0, 11.1, and 11.5 are vulnerable. Cisco Prime Collaboration Assurance software versions prior to 11.0 are not vulnerable. More Information: CSCvc77783. Known Affected Relea... • http://www.securityfocus.com/bid/96245 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

14 Dec 2016 — A vulnerability in the web framework code of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface. More Information: CSCut43268. Known Affected Releases: 10.5(1) 10.6. • http://www.securityfocus.com/bid/94806 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Nov 2016 — Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCut43061 CSCut43066 CSCut43736 CSCut43738 CSCut43741 CSCut43745 CSCut43748 CSCut43751 CSCut43756 CSCut43759 CSCut43764 CSCut43766. Known Affected Releases: 10.6. • http://www.securityfocus.com/bid/93917 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0 • EPSS: 5% • CPEs: 1 • EXPL: 0

02 Jul 2016 — Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID CSCuv37513. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-cpcpauthbypass • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

23 Jun 2016 — SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy92549. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160621-pcd • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

05 May 2016 — Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuu34121. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca •