Vulnerabilities > Cisco > Secure Access Control System > 5.3.0.40.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-06-24 | CVE-2015-4219 | Permissions, Privileges, and Access Controls vulnerability in Cisco products Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain sensitive information via brute-force attempts to send valid credentials, aka Bug IDs CSCue00833 and CSCub40331. | 4.0 |
2015-02-12 | CVE-2015-0580 | SQL Injection vulnerability in Cisco Secure Access Control System Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, aka Bug ID CSCuq79027. | 6.5 |
2014-01-16 | CVE-2014-0650 | Improper Input Validation vulnerability in Cisco Secure Access Control System The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via a request to this interface, aka Bug ID CSCue65962. | 10.0 |
2014-01-16 | CVE-2014-0649 | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access via a request to this interface, aka Bug ID CSCud75180. | 9.0 |
2014-01-16 | CVE-2014-0648 | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administrative access via a request to this interface, aka Bug ID CSCud75187. | 10.0 |