Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Secure_access_control_system
(Cisco)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 35 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-01-25 | CVE-2014-0678 | The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, which allows remote authenticated users to hijack sessions and gain privileges via unspecified vectors, aka Bug ID CSCue65951. | Secure_access_control_system | N/A | ||
| 2014-01-20 | CVE-2014-0668 | Cross-site scripting (XSS) vulnerability in the portal in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCue65949. | Secure_access_control_system | N/A | ||
| 2014-01-16 | CVE-2014-0667 | The RMI interface in Cisco Secure Access Control System (ACS) does not properly enforce authorization requirements, which allows remote authenticated users to read arbitrary files via a request to this interface, aka Bug ID CSCud75169. | Secure_access_control_system | N/A | ||
| 2014-01-10 | CVE-2014-0663 | Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum03625. | Secure_access_control_system | N/A | ||
| 2014-01-16 | CVE-2014-0650 | The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via a request to this interface, aka Bug ID CSCue65962. | Secure_access_control_system | N/A | ||
| 2014-01-16 | CVE-2014-0649 | The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access via a request to this interface, aka Bug ID CSCud75180. | Secure_access_control_system | N/A | ||
| 2014-01-16 | CVE-2014-0648 | The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administrative access via a request to this interface, aka Bug ID CSCud75187. | Secure_access_control_system | N/A | ||
| 2014-01-10 | CVE-2013-6974 | Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud89431. | Secure_access_control_system | N/A | ||
| 2013-12-02 | CVE-2013-6695 | The RBAC implementation in Cisco Secure Access Control System (ACS) does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCuj39274. | Secure_access_control_system | N/A | ||
| 2013-10-24 | CVE-2013-5536 | Cisco Secure Access Control System (ACS) does not properly implement an incoming-packet firewall rule, which allows remote attackers to cause a denial of service (process crash) via a flood of crafted packets, aka Bug ID CSCui51521. | Secure_access_control_system | N/A |