Vulnerabilities > Cisco > Application Policy Infrastructure Controller
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-24 | CVE-2021-1388 | Unspecified vulnerability in Cisco products A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. | 10.0 |
| 2020-06-03 | CVE-2020-3335 | Incorrect Authorization vulnerability in Cisco products A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. | 5.5 |
| 2020-06-03 | CVE-2020-3333 | Missing Authentication for Critical Function vulnerability in Cisco products A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. | 5.3 |
| 2020-01-26 | CVE-2020-3139 | Improper Input Validation vulnerability in Cisco Application Policy Infrastructure Controller A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. | 5.3 |
| 2019-07-04 | CVE-2019-1890 | Unspecified vulnerability in Cisco Application Policy Infrastructure Controller 7.3(0)Zn(0.113) A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. low complexity cisco | 6.5 |
| 2019-07-04 | CVE-2019-1889 | Improper Input Validation vulnerability in Cisco Application Policy Infrastructure Controller 4.1(1J) A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. | 7.2 |
| 2019-05-03 | CVE-2019-1838 | Cross-site Scripting vulnerability in Cisco Application Policy Infrastructure Controller 3.2(5D)/4.0(3D) A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 5.4 |
| 2019-05-03 | CVE-2019-1692 | Missing Encryption of Sensitive Data vulnerability in Cisco Application Policy Infrastructure Controller A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, remote attacker to access sensitive system usage information. | 5.3 |
| 2019-05-03 | CVE-2019-1682 | Improper Input Validation vulnerability in Cisco Application Policy Infrastructure Controller A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller (APIC) software could allow an authenticated, local attacker to escalate privileges to root on an affected device. | 7.8 |
| 2019-05-03 | CVE-2019-1586 | Incomplete Cleanup vulnerability in Cisco Application Policy Infrastructure Controller 4.1(0.90A) A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device. | 4.6 |