Cisco Secure_access_control_system
33 CVEs affecting Cisco Secure_access_control_system. Latest disclosed: 2017-11-30. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-3841 | High | 7.5 | 2017-02-22 | A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive info… |
CVE-2017-3840 | Medium | 6.1 | 2017-02-22 | A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to redirect a user to a ma… |
CVE-2017-3838 | Medium | 6.1 | 2017-02-22 | A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) a… |
CVE-2017-6769 | Medium | 5.4 | 2017-08-07 | A vulnerability in the web-based management interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to conduct… |
CVE-2017-12354 | Medium | 5.3 | 2017-11-30 | A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensitive inform… |
CVE-2017-3839 | Medium | 4.3 | 2017-02-22 | An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote att… |
CVE-2015-4219 | | 2015-06-24 | Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access c… | |
CVE-2015-0728 | | 2015-05-15 | Cross-site scripting (XSS) vulnerability in Cisco Access Control Server (ACS) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a cra… | |
CVE-2014-2130 | | 2015-03-06 | Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users… | |
CVE-2015-0580 | | 2015-02-12 | Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote au… | |
CVE-2014-8029 | | 2015-01-09 | Open redirect vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to redirect users to arbitrary web sites a… | |
CVE-2014-8028 | | 2015-01-09 | Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Secure Access Control System (ACS) allow remote attackers to inject arbitrary… | |
CVE-2014-8027 | | 2015-01-09 | The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create… | |
CVE-2014-0678 | | 2014-01-25 | The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, which allows remote authenticated users to hijack sessions… | |
CVE-2014-0668 | | 2014-01-20 | Cross-site scripting (XSS) vulnerability in the portal in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HT… | |
CVE-2014-0667 | | 2014-01-16 | The RMI interface in Cisco Secure Access Control System (ACS) does not properly enforce authorization requirements, which allows remote authenticated users to… | |
CVE-2014-0650 | | 2014-01-16 | The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via… | |
CVE-2014-0649 | | 2014-01-16 | The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenti… | |
CVE-2014-0648 | | 2014-01-16 | The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which all… | |
CVE-2014-0663 | | 2014-01-10 | Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web scrip… |