Vulnerabilities > Cisco > Secure Access Control Server Solution Engine
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-10-05 | CVE-2018-0414 | XXE vulnerability in Cisco Secure Access Control Server Solution Engine A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. | 3.5 |
2018-03-08 | CVE-2018-0218 | XXE vulnerability in Cisco Secure Access Control Server Solution Engine 5.8(0.8) A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. | 4.3 |
2018-03-08 | CVE-2018-0207 | XXE vulnerability in Cisco Secure Access Control Server Solution Engine 5.8(0.8) A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. | 4.3 |
2015-04-17 | CVE-2015-0700 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Secure Access Control Server Solution Engine 5.4.0.46.6/5.5.0.36/5.5.0.46.4 Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924. | 6.8 |
2013-06-12 | CVE-2013-3380 | Information Exposure vulnerability in Cisco Secure Access Control Server Solution Engine The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279. | 4.0 |