Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-03-08 CVE-2018-0087 Improper Authentication vulnerability in Cisco Asyncos 10.5.1296
A vulnerability in the FTP server of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to log in to the FTP server of the device without a valid password.
network
cisco CWE-287
6.8
6.8
2018-02-22 CVE-2018-0206 Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.5(1.13900.52)
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
cisco CWE-79
4.3
4.3
2018-02-22 CVE-2018-0205 Cross-site Scripting vulnerability in Cisco Prime Collaboration Provisioning 12.1
A vulnerability in the User Provisioning tab in the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack.
network
cisco CWE-79
4.3
4.3
2018-02-22 CVE-2018-0204 Weak Password Requirements vulnerability in Cisco Prime Collaboration Provisioning 12.1
A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for individual users.
network
low complexity
cisco CWE-521
5.0
5.0
2018-02-22 CVE-2018-0203 Unspecified vulnerability in Cisco Unity Connection
A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email messages, aka a Mail Relay Vulnerability.
network
low complexity
cisco
5.0
5.0
2018-02-22 CVE-2018-0200 Cross-site Scripting vulnerability in Cisco Prime Service Catalog
A vulnerability in the web-based interface of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based interface of an affected product.
network
cisco CWE-79
4.3
4.3
2018-02-22 CVE-2018-0199 Cross-site Scripting vulnerability in Cisco Jabber 11.9/11.9(0)
A vulnerability in Cisco Jabber Client Framework (JCF) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device.
network
cisco CWE-79
4.3
4.3
2018-02-22 CVE-2018-0148 Cross-Site Request Forgery (CSRF) vulnerability in Cisco UCS Director 6.5(0.0.65832)
A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller (IMC) Supervisor Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system.
network
cisco CWE-352
6.8
6.8
2018-02-22 CVE-2018-0146 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Data Center Analytics Framework 3.1
A vulnerability in the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
network
cisco CWE-352
5.8
5.8
2018-02-22 CVE-2018-0145 Cross-site Scripting vulnerability in Cisco Data Center Analytics Framework 3.1
A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface of an affected system.
network
cisco CWE-79
4.3
4.3