Vulnerabilities > Cisco > Prime Infrastructure > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-16 | CVE-2019-1825 | SQL Injection vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. | 5.5 |
| 2019-05-16 | CVE-2019-1824 | SQL Injection vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. | 5.5 |
| 2019-05-16 | CVE-2019-1820 | Path Traversal vulnerability in Cisco Prime Infrastructure A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. | 6.5 |
| 2019-05-16 | CVE-2019-1819 | Path Traversal vulnerability in Cisco Prime Infrastructure A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. | 6.5 |
| 2019-05-16 | CVE-2019-1818 | Path Traversal vulnerability in Cisco Prime Infrastructure A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. | 6.5 |
| 2019-02-21 | CVE-2019-1659 | Improper Certificate Validation vulnerability in Cisco Prime Infrastructure A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel established between ISE and PI. | 5.8 |
| 2019-01-23 | CVE-2019-1643 | Cross-site Scripting vulnerability in Cisco Prime Infrastructure 3.2.0 A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. | 4.3 |
| 2019-01-10 | CVE-2018-15457 | Cross-site Scripting vulnerability in Cisco Prime Infrastructure 3.5 A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. | 4.3 |
| 2018-10-05 | CVE-2018-15433 | Information Exposure vulnerability in Cisco Prime Infrastructure 3.2 A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view sensitive information. | 4.0 |
| 2018-10-05 | CVE-2018-15432 | Information Exposure vulnerability in Cisco Prime Infrastructure 3.2 A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view sensitive information. | 4.0 |