Vulnerabilities > Cisco > Smart Software Manager ON Prem
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-18 | CVE-2023-20110 | SQL Injection vulnerability in Cisco Smart Software Manager On-Prem A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. | 6.5 |
| 2022-07-06 | CVE-2022-20808 | Resource Exhaustion vulnerability in Cisco Smart Software Manager On-Prem 8202004/8202108 A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 6.5 |
| 2021-10-06 | CVE-2021-34766 | Improper Privilege Management vulnerability in Cisco Smart Software Manager On-Prem A vulnerability in the web UI of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and create, read, update, or delete records and settings in multiple functions. | 8.8 |
| 2021-01-20 | CVE-2021-1222 | SQL Injection vulnerability in Cisco Smart Software Manager On-Prem 5.0/5.1.0 A vulnerability in the web-based management interface of Cisco Smart Software Manager Satellite could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. | 8.1 |
| 2021-01-20 | CVE-2021-1219 | Use of Hard-coded Credentials vulnerability in Cisco Smart Software Manager On-Prem 5.0/5.1.0 A vulnerability in Cisco Smart Software Manager Satellite could allow an authenticated, local attacker to access sensitive information on an affected system. | 7.8 |
| 2021-01-20 | CVE-2021-1218 | Open Redirect vulnerability in Cisco Smart Software Manager On-Prem 5.0 A vulnerability in the web management interface of Cisco Smart Software Manager satellite could allow an authenticated, remote attacker to redirect a user to an undesired web page. | 5.4 |
| 2020-08-26 | CVE-2020-3443 | Missing Authorization vulnerability in Cisco Smart Software Manager On-Prem 8202004 A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and execute commands with higher privileges. | 8.8 |
| 2020-06-18 | CVE-2020-3245 | Missing Authorization vulnerability in Cisco Smart Software Manager On-Prem A vulnerability in the web application of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to create arbitrary user accounts. | 5.3 |
| 2020-02-19 | CVE-2020-3158 | Use of Hard-coded Credentials vulnerability in Cisco Smart Software Manager On-Prem A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. | 9.1 |
| 2020-01-26 | CVE-2019-16029 | Improper Input Validation vulnerability in Cisco Smart Software Manager On-Prem 5.0/5.1.0/6.3.0 A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS) condition of the web interface. | 9.1 |