Vulnerabilities > Cisco > Data Center Network Manager > 10.4.1.128
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-26 | CVE-2020-3518 | Cross-site Scripting vulnerability in Cisco Data Center Network Manager A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of the affected software. | 5.4 |
2020-07-31 | CVE-2020-3462 | SQL Injection vulnerability in Cisco Data Center Network Manager A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. | 6.3 |
2020-07-31 | CVE-2020-3384 | Unspecified vulnerability in Cisco Data Center Network Manager A vulnerability in specific REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system with the privileges of the logged-in user. | 8.2 |
2020-07-31 | CVE-2020-3383 | Improper Input Validation vulnerability in Cisco Data Center Network Manager A vulnerability in the archive utility of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. | 8.8 |
2020-01-06 | CVE-2019-15984 | SQL Injection vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. | 7.2 |
2020-01-06 | CVE-2019-15978 | OS Command Injection vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS). | 7.2 |
2020-01-06 | CVE-2019-15977 | Use of Hard-coded Credentials vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. | 7.5 |
2020-01-06 | CVE-2019-15976 | Use of Hard-coded Credentials vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. | 9.8 |
2020-01-06 | CVE-2019-15975 | Use of Hard-coded Credentials vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. | 9.8 |
2018-03-08 | CVE-2018-0210 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Data Center Network Manager 10.4(1.128)/10.4(2) A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 6.8 |