
CVE-2017-12225
https://notcve.org/view.php?id=CVE-2017-12225
07 Sep 2017 — A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability. The vulnerability is due to the reuse of a preauthentication session token as part of the postauthentication session. An attacker could exploit this vulnerability by obtaining the presession token ID. An exploit could allow an attacker to hijack an existing user's session. Known Affected Releas... • http://www.securitytracker.com/id/1039285 • CWE-287: Improper Authentication • CWE-384: Session Fixation •

CVE-2016-1360
https://notcve.org/view.php?id=CVE-2016-1360
12 Mar 2016 — Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers' installations, which allows local users to obtain cleartext data by leveraging console connectivity, aka Bug ID CSCuw85390. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160310-prime-lms • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2015-0594
https://notcve.org/view.php?id=CVE-2015-0594
27 Feb 2015 — Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq54654 and CSCun18263. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0594 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2013-5482
https://notcve.org/view.php?id=CVE-2013-5482
13 Sep 2013 — Cisco Prime LAN Management Solution (LMS) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCug77823. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5482 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2013-5488
https://notcve.org/view.php?id=CVE-2013-5488
12 Sep 2013 — Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488 • CWE-20: Improper Input Validation •

CVE-2013-1196
https://notcve.org/view.php?id=CVE-2013-1196
29 Apr 2013 — The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, C... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1196 • CWE-20: Improper Input Validation •

CVE-2013-1125
https://notcve.org/view.php?id=CVE-2013-1125
19 Feb 2013 — The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and Network Services Manager does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025, CSCue46023, CSCue46... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1125 • CWE-20: Improper Input Validation •

CVE-2012-6392
https://notcve.org/view.php?id=CVE-2012-6392
17 Jan 2013 — Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID CSCuc79779. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms • CWE-20: Improper Input Validation •

CVE-2011-4237
https://notcve.org/view.php?id=CVE-2011-4237
03 May 2012 — CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693. • http://secunia.com/advisories/49094 • CWE-94: Improper Control of Generation of Code ('Code Injection') •