Vulnerabilities > Cisco > UCS Director
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-21 | CVE-2019-1935 | Use of Hard-coded Credentials vulnerability in Cisco products A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which has default user credentials. | 9.8 |
| 2019-08-21 | CVE-2019-12634 | Missing Authentication for Critical Function vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 7.5 |
| 2018-10-05 | CVE-2018-15406 | Cross-site Scripting vulnerability in Cisco UCS Director 6.6 A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. | 6.1 |
| 2018-10-05 | CVE-2018-15405 | Incorrect Authorization vulnerability in Cisco UCS Director 2.1(0.0)/6.6(1.0) A vulnerability in the web interface for specific feature sets of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to access sensitive information. | 6.5 |
| 2018-02-22 | CVE-2018-0148 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco UCS Director 6.5(0.0.65832) A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller (IMC) Supervisor Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. | 8.8 |