Prime Collaboration

DATE	CVE	VULNERABILITY TITLE	RISK
2018-11-08	CVE-2018-15450	Path Traversal vulnerability in Cisco Prime Collaboration 12.1 A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. network low complexity cisco CWE-22	6.5
2018-10-05	CVE-2018-15389	Use of Hard-coded Credentials vulnerability in Cisco Prime Collaboration 12.1 A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. network low complexity cisco CWE-798 critical	9.8
2018-08-01	CVE-2018-0391	Unspecified vulnerability in Cisco products A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. network low complexity cisco	6.5
2018-06-07	CVE-2018-0336	Missing Authorization vulnerability in Cisco Prime Collaboration 12.1 A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. network low complexity cisco CWE-862	8.8
2018-06-07	CVE-2018-0335	Insufficiently Protected Credentials vulnerability in Cisco Prime Collaboration 12.2 A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. local low complexity cisco CWE-522	7.8
2018-06-07	CVE-2018-0322	Missing Authorization vulnerability in Cisco products A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with arbitrary accounts on an affected device. network low complexity cisco CWE-862	8.8
2018-06-07	CVE-2018-0321	Improper Authentication vulnerability in Cisco products A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation (RMI) system. network low complexity cisco CWE-287 critical	9.8
2018-06-07	CVE-2018-0320	SQL Injection vulnerability in Cisco products A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. network low complexity cisco CWE-89 critical	9.8
2018-06-07	CVE-2018-0319	Improper Authentication vulnerability in Cisco products A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. network low complexity cisco CWE-287 critical	9.8
2018-06-07	CVE-2018-0318	Improper Authentication vulnerability in Cisco products A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. network low complexity cisco CWE-287 critical	9.8