Vulnerabilities > Cisco > Prime Collaboration Provisioning > 10.6.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-07 | CVE-2018-0317 | Missing Authorization vulnerability in Cisco products A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges. | 8.8 |
2017-11-02 | CVE-2017-12276 | SQL Injection vulnerability in Cisco Prime Collaboration Provisioning A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning application could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. | 8.1 |
2017-05-22 | CVE-2017-6637 | Improper Input Validation vulnerability in Cisco Prime Collaboration Provisioning A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to delete any file from an affected system. | 6.5 |
2017-05-22 | CVE-2017-6636 | Path Traversal vulnerability in Cisco Prime Collaboration Provisioning A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to view any file on an affected system. | 6.5 |
2017-05-22 | CVE-2017-6635 | Missing Authorization vulnerability in Cisco Prime Collaboration Provisioning A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 12.1) could allow an authenticated, remote attacker to delete any file from an affected system. | 6.5 |
2017-05-18 | CVE-2017-6622 | Missing Authorization vulnerability in Cisco Prime Collaboration Provisioning A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. | 9.8 |
2017-05-18 | CVE-2017-6621 | Information Exposure vulnerability in Cisco Prime Collaboration Provisioning A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. | 7.5 |
2016-07-02 | CVE-2016-1416 | Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Collaboration Provisioning 10.6.2 Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID CSCuv37513. | 9.8 |