Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-22 | CVE-2018-0199 | Cross-site Scripting vulnerability in Cisco Jabber 11.9/11.9(0) A vulnerability in Cisco Jabber Client Framework (JCF) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. | 4.3 |
| 2018-02-22 | CVE-2018-0148 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco UCS Director 6.5(0.0.65832) A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller (IMC) Supervisor Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. | 6.8 |
| 2018-02-22 | CVE-2018-0146 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Data Center Analytics Framework 3.1 A vulnerability in the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 5.8 |
| 2018-02-22 | CVE-2018-0145 | Cross-site Scripting vulnerability in Cisco Data Center Analytics Framework 3.1 A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface of an affected system. | 4.3 |
| 2018-02-22 | CVE-2018-0139 | Unspecified vulnerability in Cisco Unified Customer Voice Portal 11.5(1)/11.6 A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause the IVR connection to disconnect, creating a system-wide denial of service (DoS) condition. | 5.0 |
| 2018-02-22 | CVE-2018-0130 | Insecure Default Initialization of Resource vulnerability in Cisco Virtual Managed Services 3.0 A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative access to an affected system. | 7.5 |
| 2018-02-22 | CVE-2018-0124 | Key Management Errors vulnerability in Cisco Unified Communications Domain Manager A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. | 7.5 |
| 2018-02-22 | CVE-2018-0121 | Improper Authentication vulnerability in Cisco products A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. | 7.5 |
| 2018-02-08 | CVE-2018-0140 | Forced Browsing vulnerability in Cisco products A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. | 6.5 |
| 2018-02-08 | CVE-2018-0138 | Protection Mechanism Failure vulnerability in Cisco Firepower Threat Defense A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass file policies that are configured to block files transmitted to an affected device via the BitTorrent protocol. | 5.0 |