NotCVE - vendor:"Cisco" product:"Prime Collaboration"

Page 9 of 82 results (0.005 seconds)

CVSS: 7.8EPSS: 51%CPEs: 10EXPL: 0

CVE-2017-6621 – Cisco Prime Collaboration Provisioning logconfigtracer Directory Traversal Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2017-6621

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to insufficient protection of sensitive data when responding to an HTTP request on the web interface. An attacker could exploit the vulnerability by sending a crafted HTTP request to the application to access specific system files. An exploit could allow the attacker to obtain sensitive information about the application which could include user credentials. • http://www.securityfocus.com/bid/98522 http://www.securitytracker.com/id/1038508 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 10.0EPSS: 77%CPEs: 10EXPL: 1

CVE-2017-6622 – Cisco Prime Collaboration Provisioning ScriptMgr Servlet Authentication Bypass Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2017-6622

A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.1. Cisco Bug IDs: CSCvc98724. • https://www.exploit-db.com/exploits/42888 http://www.securityfocus.com/bid/98520 http://www.securitytracker.com/id/1038507 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp1 • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2017-3844

https://notcve.org/view.php?id=CVE-2017-3844

A vulnerability in exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files. Affected Products: Cisco Prime Collaboration Assurance software versions 11.0, 11.1, and 11.5 are vulnerable. Cisco Prime Collaboration Assurance software versions prior to 11.0 are not vulnerable. More Information: CSCvc86238. Known Affected Releases: 11.5(0). • http://www.securityfocus.com/bid/96247 http://www.securitytracker.com/id/1037843 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-pcp2 • CWE-20: Improper Input Validation •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

CVE-2017-3845

https://notcve.org/view.php?id=CVE-2017-3845

A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Affected Products: Cisco Prime Collaboration Assurance software versions 11.0, 11.1, and 11.5 are vulnerable. Cisco Prime Collaboration Assurance software versions prior to 11.0 are not vulnerable. More Information: CSCvc77783. Known Affected Releases: 11.5(0). • http://www.securityfocus.com/bid/96245 http://www.securitytracker.com/id/1037844 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-pcp3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2017-3843

https://notcve.org/view.php?id=CVE-2017-3843

A vulnerability in the file download functions for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to download system files that should be restricted. More Information: CSCvc99446. Known Affected Releases: 11.5(0). Una vulnerabilidad en las funciones de descarga de archivos para Cisco Prime Collaboration Assurance podría permitir a un atacante remoto autenticado descargar archivos del sistema que deberían estar restringidos. Más Información: CSCvc99446. • http://www.securityfocus.com/bid/96248 http://www.securitytracker.com/id/1037843 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-pcp1 • CWE-20: Improper Input Validation •

1...7 8 9 10 11