Vulnerabilities > Cisco > Secure Access Control Server > 5.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-11-07 | CVE-2012-5424 | Improper Input Validation vulnerability in Cisco Secure Access Control Server: Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634. | 5.0 |
2012-05-02 | CVE-2011-3317 | Cross-Site Scripting vulnerability in Cisco Secure Access Control Server 5.2: Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtr78192. | 4.3 |
2012-05-02 | CVE-2011-3293 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Secure Access Control Server 5.2: Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, aka Bug ID CSCtr78143. | 6.8 |