Vulnerabilities > Cisco > Prime Data Center Network Manager > 4.1.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-04-03 | CVE-2015-0666 | Path Traversal vulnerability in Cisco Prime Data Center Network Manager Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241. | 7.8 |
| 2014-07-29 | CVE-2014-3329 | Cross-Site Scripting vulnerability in Cisco Prime Data Center Network Manager Cross-site scripting (XSS) vulnerability in the web-server component in Cisco Prime Data Center Network Manager (DCNM) 6.3(2) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum86620. | 4.3 |
| 2013-09-23 | CVE-2013-5490 | Information Exposure vulnerability in Cisco Prime Data Center Network Manager Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148. | 7.8 |
| 2013-09-23 | CVE-2013-5487 | Information Exposure vulnerability in Cisco Prime Data Center Network Manager DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCue77029. | 7.8 |
| 2013-09-23 | CVE-2013-5486 | OS Command Injection vulnerability in Cisco Prime Data Center Network Manager Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. | 10.0 |
| 2012-11-02 | CVE-2012-5417 | Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Data Center Network Manager Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands via JBoss Application Server Remote Method Invocation (RMI) services, aka Bug ID CSCtz44924. | 10.0 |