Vulnerabilities > Cisco > Unified Computing System Central Software > 1.3.0.1

DATE CVE VULNERABILITY TITLE RISK
2021-02-04 CVE-2021-1354 Improper Certificate Validation vulnerability in Cisco Unified Computing System Central Software
A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM).
low complexity
cisco CWE-295
3.5
3.5
2016-04-14 CVE-2016-1352 OS Command Injection vulnerability in Cisco Unified Computing System Central Software 1.3(0.1)
Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856.
network
low complexity
cisco CWE-78
7.5
7.5
2015-12-05 CVE-2015-6388 Security Bypass vulnerability in Cisco Unified Computing System Central Software 1.3(0.1)
Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCux33575.
network
low complexity
cisco
5.0
5.0
2015-12-05 CVE-2015-6387 Cross-site Scripting vulnerability in Cisco Unified Computing System Central Software 1.3(0.1)
Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573.
network
cisco CWE-79
4.3
4.3