Vulnerabilities > Cisco > Elastic Services Controller
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-20 | CVE-2021-1312 | Resource Exhaustion vulnerability in Cisco Elastic Services Controller A vulnerability in the system resource management of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) to the health monitor API on an affected device. | 7.5 |
| 2019-05-10 | CVE-2019-1867 | Improper Authentication vulnerability in Cisco Elastic Services Controller A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. | 10.0 |
| 2018-02-22 | CVE-2018-0121 | Improper Authentication vulnerability in Cisco products A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. | 7.5 |
| 2018-01-18 | CVE-2018-0106 | Files or Directories Accessible to External Parties vulnerability in Cisco Elastic Services Controller A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive information on a targeted system. | 2.1 |
| 2017-08-17 | CVE-2017-6786 | Information Exposure vulnerability in Cisco Elastic Services Controller 2.2(9.76) A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an affected system. | 4.6 |
| 2017-08-17 | CVE-2017-6777 | Information Exposure vulnerability in Cisco Elastic Services Controller 2.3/2.3(2) A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to acquire sensitive system information. | 4.0 |
| 2017-08-17 | CVE-2017-6776 | Cross-site Scripting vulnerability in Cisco Elastic Services Controller 2.2(9.76)/2.3(1) A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. | 4.3 |
| 2017-08-17 | CVE-2017-6772 | Information Exposure vulnerability in Cisco Elastic Services Controller 2.3(2) A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. | 4.0 |
| 2017-07-06 | CVE-2017-6713 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco Elastic Services Controller A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. | 10.0 |
| 2017-07-06 | CVE-2017-6712 | OS Command Injection vulnerability in Cisco Elastic Services Controller A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. | 9.0 |