Vulnerabilities > Cisco > Prime Collaboration Provisioning

DATE CVE VULNERABILITY TITLE RISK
2016-11-03 CVE-2016-6451 Cross-site Scripting vulnerability in Cisco Prime Collaboration Provisioning 10.6.0
Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system.
network
cisco CWE-79
4.3
4.3
2016-07-02 CVE-2016-1416 Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Collaboration Provisioning 10.6.2
Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID CSCuv37513.
network
low complexity
cisco CWE-264
critical
 10.0
10
2015-10-12 CVE-2015-6329 SQL Injection vulnerability in Cisco Prime Collaboration Provisioning 10.6.0/11.0.0
SQL injection vulnerability in Cisco Prime Collaboration Provisioning 10.6 and 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut64074.
network
low complexity
cisco CWE-89
6.5
6.5
2015-09-20 CVE-2015-4307 Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Collaboration Provisioning
The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, aka Bug ID CSCut64111.
network
low complexity
cisco CWE-264
critical
 9.0
9.0