Vulnerabilities > Cisco > Prime Collaboration Provisioning > 12.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-11-02 | CVE-2017-12276 | SQL Injection vulnerability in Cisco Prime Collaboration Provisioning A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning application could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. | 8.1 |
2017-08-07 | CVE-2017-6759 | Improper Input Validation vulnerability in Cisco Prime Collaboration Provisioning 12.1 A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. | 6.5 |
2017-07-25 | CVE-2017-6755 | Cross-site Scripting vulnerability in Cisco Prime Collaboration Provisioning 12.1 A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 6.1 |
2017-07-04 | CVE-2017-6705 | Information Exposure vulnerability in Cisco Prime Collaboration Provisioning 12.1 A vulnerability in the filesystem of the Cisco Prime Collaboration Provisioning tool could allow an authenticated, local attacker to acquire sensitive information. | 5.5 |
2017-07-04 | CVE-2017-6704 | Path Traversal vulnerability in Cisco Prime Collaboration Provisioning 12.1 A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an authenticated, remote attacker to perform arbitrary file downloads that could allow the attacker to read files from the underlying filesystem. | 6.5 |