CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6451
https://notcve.org/view.php?id=CVE-2016-6451
Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCut43061 CSCut43066 CSCut43736 CSCut43738 CSCut43741 CSCut43745 CSCut43748 CSCut43751 CSCut43756 CSCut43759 CSCut43764 CSCut43766. Known Affected Releases: 10.6. Múltiples vulnerabilidades en el código de marco de referencia web de Cisco Prime Collaboration Provisioning podrían permitir a un atacante remoto no autenticado llevar a cabo un ataque de XSS contra el usuario de la interfaz web del sistema afectado. Más información: CSCut43061 CSCut43066 CSCut43736 CSCut43738 CSCut43741 CSCut43745 CSCut43748 CSCut43751 CSCut43756 CSCut43759 CSCut43764 CSCut43766. • http://www.securityfocus.com/bid/93917 http://www.securitytracker.com/id/1037112 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-pcp • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1416
https://notcve.org/view.php?id=CVE-2016-1416
Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID CSCuv37513. Cisco Prime Collaboration Provisioning 10.6 SP2 (también conocido como 10.6.0.10602) no maneja adecuadamente la autentificación LDAP, lo que permite obtener privilegios de administrador a atacantes remotos a través de un intento de inicio de sesión manipulado, también conocido como Bug ID CSCuv37513. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-cpcpauthbypass http://www.securityfocus.com/bid/91505 http://www.securitytracker.com/id/1036212 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6329
https://notcve.org/view.php?id=CVE-2015-6329
SQL injection vulnerability in Cisco Prime Collaboration Provisioning 10.6 and 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut64074. Vulnerabilidad de inyección SQL en Cisco Prime Collaboration Provisioning 10.6 y 11.0 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados, también conocido como Bug ID CSCut64074. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pcp http://www.securitytracker.com/id/1033783 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2015-4307
https://notcve.org/view.php?id=CVE-2015-4307
The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, aka Bug ID CSCut64111. Vulnerabilidad en el framework web en Cisco Prime Collaboration Provisioning en versiones anteriores a 11.0, permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso y crear cuentas administrativas a través de una URL manipulada, también conocida como Bug ID CSCut64111. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pcp http://www.securitytracker.com/id/1033579 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 11EXPL: 0CVE-2013-1196
https://notcve.org/view.php?id=CVE-2013-1196
The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125. La interfaz de línea de comandos en el sistema Cisco Secure Access Control (ACS), Servicios de Identidad del motor de software, Agente de Directorio Contexto, Gerente de Redes de Aplicaciones (ANM), Sistema de Control de Red Prime, LAN Management Solution Prime (LMS), Prime Collaboration, Provisioning Manager Unificado , Network Services Manager, el primer Data Center Network Manager (DCNM) y Quad no validan correctamente la entrada, lo que permite a usuarios locales obtener privilegios de root a través de vectores no especificados. Vulnerabilidad también conocida como Bug ID CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416 , CSCug29418, CSCug29422, CSCug29425 y CSCug29426. Se trata de una cuestión diferente que CVE-2013-1125. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1196 • CWE-20: Improper Input Validation •