Vulnerabilities > Cisco > Secure Access Control System
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-03-06 | CVE-2014-2130 | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System: Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configuration files, and consequently execute arbitrary code, by leveraging administrative privileges, aka Bug ID CSCuj83189. | 6.5 |
2015-02-12 | CVE-2015-0580 | SQL Injection vulnerability in Cisco Secure Access Control System: Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, aka Bug ID CSCuq79027. | 6.5 |
2015-01-09 | CVE-2014-8029 | Open Redirection vulnerability in Cisco Secure Access Control Server: Open redirect vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCuq74150. | 5.8 |
2015-01-09 | CVE-2014-8028 | Cross-site Scripting vulnerability in Cisco Secure Access Control System: Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Secure Access Control System (ACS) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq79019. | 4.3 |
2015-01-09 | CVE-2014-8027 | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System: The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034. | 6.5 |
2014-01-25 | CVE-2014-0678 | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System: The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, which allows remote authenticated users to hijack sessions and gain privileges via unspecified vectors, aka Bug ID CSCue65951. | 5.5 |
2014-01-20 | CVE-2014-0668 | Cross-Site Scripting vulnerability in Cisco Secure Access Control System: Cross-site scripting (XSS) vulnerability in the portal in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCue65949. | 4.3 |
2014-01-16 | CVE-2014-0667 | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System: The RMI interface in Cisco Secure Access Control System (ACS) does not properly enforce authorization requirements, which allows remote authenticated users to read arbitrary files via a request to this interface, aka Bug ID CSCud75169. | 6.3 |
2014-01-16 | CVE-2014-0650 | Improper Input Validation vulnerability in Cisco Secure Access Control System: The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via a request to this interface, aka Bug ID CSCue65962. | 10.0 |
2014-01-16 | CVE-2014-0649 | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System: The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access via a request to this interface, aka Bug ID CSCud75180. | 9.0 |