Page 7 of 65 results (0.005 seconds)

CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the affected application. A successful exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data. Una vulnerabilidad en la web-based management interface de Prime Infrastructure (PI) y Evolved Programmable Network (EPN) Manager de Cisco podría permitir que un atacante remoto autenticado ejecutara consultas SQL arbitrarias. • http://www.securityfocus.com/bid/108337 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinject • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel established between ISE and PI. The vulnerability is due to improper validation of the server SSL certificate when establishing the SSL tunnel with ISE. An attacker could exploit this vulnerability by using a crafted SSL certificate and could then intercept communications between the ISE and PI. A successful exploit could allow the attacker to view and alter potentially sensitive information that the ISE maintains about clients that are connected to the network. This vulnerability affects Cisco Prime Infrastructure Software Releases 2.2 through 3.4.0 when the PI server is integrated with ISE, which is disabled by default. • http://www.securityfocus.com/bid/107092 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-prime-validation • CWE-295: Improper Certificate Validation •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Una vulnerabilidad en la interfaz de gestión web de Cisco Prime Infrastructure podría permitir que un atacante remoto no autenticado lleve a cabo un ataque de Cross-Site Scripting (XSS) contra un usuario de dicha interfaz en el software afectado. • http://www.securityfocus.com/bid/106702 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-cpi-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. A successful exploit could allow the attacker to view sensitive information. Una vulnerabilidad en la característica de backup del servidor en Cisco Prime Infrastructure podría permitir que un atacante remoto autenticado vea información sensible. • http://www.securityfocus.com/bid/105562 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-prime-id • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. A successful exploit could allow the attacker to view sensitive information. Una vulnerabilidad en la característica de backup del servidor en Cisco Prime Infrastructure podría permitir que un atacante remoto autenticado vea información sensible. • http://www.securityfocus.com/bid/105563 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-pi-id • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •