
CVE-2015-6345
https://notcve.org/view.php?id=CVE-2015-6345
30 Oct 2015 — SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2015-6346
https://notcve.org/view.php?id=CVE-2015-6346
30 Oct 2015 — Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-6347
https://notcve.org/view.php?id=CVE-2015-6347
30 Oct 2015 — The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac • CWE-264: Permissions, Privileges, and Access Controls

CVE-2015-6348
https://notcve.org/view.php?id=CVE-2015-6348
30 Oct 2015 — The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac1 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2015-6349
https://notcve.org/view.php?id=CVE-2015-6349
30 Oct 2015 — Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_xss1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-6300
https://notcve.org/view.php?id=CVE-2015-6300
20 Sep 2015 — Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694. • http://tools.cisco.com/security/center/viewAlert.x?alertId=41087 • CWE-20: Improper Input Validation