Connected Mobile Experiences

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-10	CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. network low complexity ietf nghttp2 netty envoyproxy eclipse caddyserver golang f5 apache apple grpc microsoft nodejs dena facebook amazon debian kazu-yamamoto istio varnish-cache-project traefik projectcontour linkerd linecorp redhat fedoraproject netapp akka konghq jenkins openresty cisco	7.5
2021-12-10	CVE-2021-44228	Deserialization of Untrusted Data vulnerability in multiple products Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. network low complexity apache siemens intel debian fedoraproject sonicwall netapp cisco snowsoftware bentley percussion apple CWE-502 critical	10.0
2021-08-04	CVE-2021-1522	Weak Password Requirements vulnerability in Cisco Connected Mobile Experiences A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, remote attacker to alter their own password to a value that does not comply with the strong authentication requirements that are configured on an affected device. network low complexity cisco CWE-521	4.3
2021-01-13	CVE-2021-1144	Incorrect Authorization vulnerability in Cisco Connected Mobile Experiences 10.6.0/10.6.1/10.6.2 A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system. network low complexity cisco CWE-863	8.8
2021-01-13	CVE-2021-1143	Missing Authorization vulnerability in Cisco Connected Mobile Experiences 10.6.0/10.6.1/10.6.2 A vulnerability in Cisco Connected Mobile Experiences (CMX) API authorizations could allow an authenticated, remote attacker to enumerate what users exist on the system. network low complexity cisco CWE-862	4.3
2020-08-26	CVE-2020-3152	Incorrect Default Permissions vulnerability in Cisco Connected Mobile Experiences 10.6.0/10.6.1/10.6.2 A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to execute arbitrary commands with root privileges. local low complexity cisco CWE-276	6.7
2020-08-26	CVE-2020-3151	Improper Authentication vulnerability in Cisco Connected Mobile Experiences 10.6.0/10.6.1/10.6.2 A vulnerability in the CLI of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to bypass restrictions on the CLI. local low complexity cisco CWE-287	6.7
2019-01-24	CVE-2019-1645	Information Exposure vulnerability in Cisco Connected Mobile Experiences 10.2(1.0) A vulnerability in the Cisco Connected Mobile Experiences (CMX) software could allow an unauthenticated, adjacent attacker to access sensitive data on an affected device. low complexity cisco CWE-200	4.3