CVSS: 9.1EPSS: 1%CPEs: 3EXPL: 0CVE-2019-1662 – Cisco Prime Collaboration Assurance Software Unauthenticated Access Vulnerability
https://notcve.org/view.php?id=CVE-2019-1662
21 Feb 2019 — A vulnerability in the Quality of Voice Reporting (QOVR) service of Cisco Prime Collaboration Assurance (PCA) Software could allow an unauthenticated, remote attacker to access the system as a valid user. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the QOVR service with a valid username. A successful exploit could allow the attacker to perform actions with the privileges of the user that is used for access. This vulnerabilit... • http://www.securityfocus.com/bid/107096 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 3%CPEs: 3EXPL: 0CVE-2018-0321
https://notcve.org/view.php?id=CVE-2018-0321
07 Jun 2018 — A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation (RMI) system. The vulnerability is due to an open port in the Network Interface and Configuration Engine (NICE) service. An attacker could exploit this vulnerability by accessing the open RMI system on an affected PCP instance. An exploit could allow the attacker to perform malicious actions that affect PCP and the devices that are connected to it. This ... • http://www.securityfocus.com/bid/104409 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6659
https://notcve.org/view.php?id=CVE-2017-6659
13 Jun 2017 — A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvc91800. Known Affected Releases: 11.5(0) 11.6. Una vulnerabilidad en la interfaz de administración basada en web de Prime Collaboration Assurance de Cisco, podría permitir a un atacante remoto no identificado conducir un ataque de tipo cross-... • http://www.securityfocus.com/bid/98970 • CWE-352: Cross-Site Request Forgery (CSRF) •