Vulnerabilities > Cisco > Evolved Programmable Network Manager

DATE CVE VULNERABILITY TITLE RISK
2023-04-05 CVE-2023-20130 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Infrastructure
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks.
network
low complexity
cisco CWE-352
6.5
2023-04-05 CVE-2023-20131 Cross-site Scripting vulnerability in Cisco Prime Infrastructure
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks.
network
low complexity
cisco CWE-79
5.4
2023-03-03 CVE-2023-20069 Cross-site Scripting vulnerability in Cisco Prime Infrastructure
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device.
network
low complexity
cisco CWE-79
5.4
2022-02-17 CVE-2022-20659 Cross-site Scripting vulnerability in Cisco Prime Infrastructure
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device.
network
low complexity
cisco CWE-79
6.1
2021-12-10 CVE-2021-44228 Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. 10.0
2021-11-04 CVE-2021-34784 Cross-site Scripting vulnerability in Cisco Prime Infrastructure
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
low complexity
cisco CWE-79
5.4
2021-09-02 CVE-2021-34733 Insufficiently Protected Credentials vulnerability in Cisco products
A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system.
local
low complexity
cisco CWE-522
5.5
2021-08-04 CVE-2021-34707 Information Exposure vulnerability in Cisco Evolved Programmable Network Manager
A vulnerability in the REST API of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to access sensitive data on an affected system.
network
low complexity
cisco CWE-200
6.5
2021-05-22 CVE-2021-1306 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Cisco Identity Services Engine
A vulnerability in the restricted shell of Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system.
local
low complexity
cisco CWE-610
3.4
2021-05-22 CVE-2021-1487 Unspecified vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary commands on an affected system.
network
low complexity
cisco
8.8