Vulnerabilities > Cisco > Secure Access Control System > 5.8.2.5

DATE CVE VULNERABILITY TITLE RISK
2017-02-22 CVE-2017-3841 Information Exposure vulnerability in Cisco Secure Access Control System 5.8(2.5)
A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information.
network
low complexity
cisco CWE-200
7.5
7.5
2017-02-22 CVE-2017-3840 Open Redirect vulnerability in Cisco Secure Access Control System 5.8(2.5)
A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect Vulnerability.
network
low complexity
cisco CWE-601
6.1
6.1
2017-02-22 CVE-2017-3839 XXE vulnerability in Cisco Secure Access Control System 5.8(2.5)
An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system.
network
low complexity
cisco CWE-611
4.3
4.3
2017-02-22 CVE-2017-3838 Cross-site Scripting vulnerability in Cisco Secure Access Control System 5.8(2.5)
A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interface of the affected system.
network
low complexity
cisco CWE-79
6.1
6.1