Vulnerabilities > Cisco > Prime Collaboration Provisioning > 10.6.0

DATE CVE VULNERABILITY TITLE RISK
2017-05-22 CVE-2017-6637 Improper Input Validation vulnerability in Cisco Prime Collaboration Provisioning
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to delete any file from an affected system.
network
low complexity
cisco CWE-20
4.0
4.0
2017-05-22 CVE-2017-6636 Path Traversal vulnerability in Cisco Prime Collaboration Provisioning
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to view any file on an affected system.
network
low complexity
cisco CWE-22
4.0
4.0
2017-05-22 CVE-2017-6635 Missing Authorization vulnerability in Cisco Prime Collaboration Provisioning
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 12.1) could allow an authenticated, remote attacker to delete any file from an affected system.
network
low complexity
cisco CWE-862
6.8
6.8
2017-05-18 CVE-2017-6622 Missing Authorization vulnerability in Cisco Prime Collaboration Provisioning
A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges.
network
low complexity
cisco CWE-862
critical
 10.0
10
2017-05-18 CVE-2017-6621 Information Exposure vulnerability in Cisco Prime Collaboration Provisioning
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data.
network
low complexity
cisco CWE-200
5.0
5.0
2016-11-03 CVE-2016-6451 Cross-site Scripting vulnerability in Cisco Prime Collaboration Provisioning 10.6.0
Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system.
network
cisco CWE-79
4.3
4.3
2015-10-12 CVE-2015-6329 SQL Injection vulnerability in Cisco Prime Collaboration Provisioning 10.6.0/11.0.0
SQL injection vulnerability in Cisco Prime Collaboration Provisioning 10.6 and 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut64074.
network
low complexity
cisco CWE-89
6.5
6.5
2015-09-20 CVE-2015-4307 Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Collaboration Provisioning
The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, aka Bug ID CSCut64111.
network
low complexity
cisco CWE-264
critical
 9.0
9.0