Vulnerabilities > Cisco > Cloud Network Automation Provisioner > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-07-03 | CVE-2016-1441 | Improper Input Validation vulnerability in Cisco Cloud Network Automation Provisioner 1.0(0) Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET API calls, aka Bug ID CSCuy77145. | 8.2 |
2016-05-12 | CVE-2016-1393 | SQL Injection vulnerability in Cisco Cloud Network Automation Provisioner 1.0/1.1 SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175. | 7.1 |