Vulnerabilities > Cisco > UCS Director Express FOR BIG Data > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-04-15 CVE-2020-3243 Improper Privilege Management vulnerability in Cisco UCS Director and UCS Director Express for BIG Data
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.
network
low complexity
cisco CWE-269
critical
9.8
2020-04-15 CVE-2020-3247 Path Traversal vulnerability in Cisco UCS Director and UCS Director Express for BIG Data
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.
network
low complexity
cisco CWE-22
critical
9.8
2020-04-15 CVE-2020-3248 Path Traversal vulnerability in Cisco UCS Director and UCS Director Express for BIG Data
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.
network
low complexity
cisco CWE-22
critical
9.8
2020-04-15 CVE-2020-3250 Improper Privilege Management vulnerability in Cisco UCS Director and UCS Director Express for BIG Data
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.
network
low complexity
cisco CWE-269
critical
9.8
2019-08-21 CVE-2019-1935 Use of Hard-coded Credentials vulnerability in Cisco products
A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which has default user credentials.
network
low complexity
cisco CWE-798
critical
9.8
2019-08-21 CVE-2019-1937 Improper Authentication vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator privileges, bypassing user authentication.
network
low complexity
cisco CWE-287
critical
9.8
2019-08-21 CVE-2019-1938 Improper Authentication vulnerability in Cisco UCS Director and UCS Director Express for BIG Data
A vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system.
network
low complexity
cisco CWE-287
critical
9.8
2019-08-21 CVE-2019-1974 Improper Authentication vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an administrative user.
network
low complexity
cisco CWE-287
critical
9.8