All the vulnerabilites related to cisco - prime_security_manager
Vulnerability from fkie_nvd
Published
2016-02-07 11:59
Modified
2024-11-21 02:46
Severity ?
Summary
The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:prime_security_manager:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E288E19-D13C-4E66-92C4-832E6151BE03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_security_manager:9.0.1-40:*:*:*:*:*:*:*",
"matchCriteriaId": "C2AB78A0-939D-47F4-9F8A-E8D337FB852E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_security_manager:9.0.2-68:*:*:*:*:*:*:*",
"matchCriteriaId": "B057253B-3199-490D-8B16-4F6AC3187147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_security_manager:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B5ADAD-E627-4D08-B50A-A3251BE025AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_security_manager:9.1.2-29:*:*:*:*:*:*:*",
"matchCriteriaId": "308EBED0-E069-4B8D-BE7B-5FB3940491FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_security_manager:9.1.2-42:*:*:*:*:*:*:*",
"matchCriteriaId": "657AC52E-EF40-49D9-A0F9-F9BDA8A67B4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_security_manager:9.1.3-8:*:*:*:*:*:*:*",
"matchCriteriaId": "B7FBB326-9011-434D-B142-5C6B1F422442",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_security_manager:9.1.3-10:*:*:*:*:*:*:*",
"matchCriteriaId": "91D0E148-44D5-4A48-B33B-E5D891AC7F56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_security_manager:9.1.3-13:*:*:*:*:*:*:*",
"matchCriteriaId": "6D123EB5-1B8F-484B-818D-FD221E7531FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_security_manager:9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "955A92B5-5618-4046-888C-76B996F70FE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_security_manager:9.2.1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB3F163F-4C7F-462A-8229-1D98C85B7D59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_security_manager:9.2.1-2:*:*:*:*:*:*:*",
"matchCriteriaId": "DEDE8C4C-846A-41FA-998D-58802A3D7F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC9743A-641F-4F0A-97FC-5DF8B0333222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.1-40:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F990CF-B6DD-4EE3-B45D-CE4B1110A6DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A81A0E90-9200-436C-81BC-FA4BF745EEDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.2-68:*:*:*:*:*:*:*",
"matchCriteriaId": "13B6FFEA-4F46-4D20-9821-FE32B57F6145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0_base:*:*:*:*:*:*:*",
"matchCriteriaId": "8068EA1D-6AD6-4BF3-AA1F-C8AD0BC8F298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.2-29:*:*:*:*:*:*:*",
"matchCriteriaId": "6A4AE8C1-9BD1-491A-9835-D95F4D90F496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.2-42:*:*:*:*:*:*:*",
"matchCriteriaId": "A0710827-10AD-4DE9-BB0F-B4D072DDC8DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.3-8:*:*:*:*:*:*:*",
"matchCriteriaId": "96F09A7A-9A3D-4D73-912A-2B01CEABEFBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.3-10:*:*:*:*:*:*:*",
"matchCriteriaId": "0AA36AEA-6516-41DD-90D3-0504A4CB5231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.3-13:*:*:*:*:*:*:*",
"matchCriteriaId": "68C47683-C68B-4B84-80F6-FDFF9156991C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.2.1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "AEFA5ADA-E573-447B-AFD9-E37682B57BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.2.1-2:*:*:*:*:*:*:*",
"matchCriteriaId": "1359CC7F-628F-44EB-B36D-FF1210E227B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.2.1-3:*:*:*:*:*:*:*",
"matchCriteriaId": "16E7AFAD-3A1D-4244-AA61-85B430E8D51C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.2.1-4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC110506-3E7F-4DD9-99D2-6E04F1E65D29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842."
},
{
"lang": "es",
"value": "La implementaci\u00f3n RBAC en Cisco ASA-CX Content-Aware Security software anterior a 9.3.1.1(112) y Cisco Prime Security Manager (PRSM) software anterior a 9.3.1.1(112) permite a usuarios remotos autenticados cambiar contrase\u00f1as arbitrarias a trav\u00e9s de una petici\u00f3n HTTP manipulada, tambi\u00e9n conocido como Bug ID CSCuo94842."
}
],
"id": "CVE-2016-1301",
"lastModified": "2024-11-21T02:46:08.817",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-07T11:59:01.053",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-prsm"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1034926"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1034927"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-prsm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034926"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034927"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-13 00:59
Modified
2024-11-21 02:07
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Prime Security Manager (aka PRSM) 9.2.1-2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) Access Policies or (2) Device Summary Dashboard parameter, aka Bug ID CSCuq80661.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | prime_security_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:prime_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "457CCC35-449B-4002-89FB-3D22BD4F34A8",
"versionEndIncluding": "9.2.1-2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Prime Security Manager (aka PRSM) 9.2.1-2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) Access Policies or (2) Device Summary Dashboard parameter, aka Bug ID CSCuq80661."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en el Framework web de Cisco Prime Security Manager 9.2.1-2 y anteriores (tambi\u00e9n conocido como PRSM) permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de los par\u00e1metros (1) Access Policies o (2) Device Summary Dashboard, tambi\u00e9n conocido como Bug ID CSCuq80661."
}
],
"id": "CVE-2014-3364",
"lastModified": "2024-11-21T02:07:56.880",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-12-13T00:59:00.070",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3364"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3364"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36741"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-27 21:55
Modified
2024-11-21 02:05
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun50687.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | prime_security_manager | * | |
| cisco | prime_security_manager | 9.0 | |
| cisco | prime_security_manager | 9.1 | |
| cisco | prime_security_manager | 9.1.2-29 | |
| cisco | prime_security_manager | 9.1.2-42 | |
| cisco | prime_security_manager | 9.1.3-8 | |
| cisco | prime_security_manager | 9.1.3-10 | |
| cisco | prime_security_manager | 9.1.3-13 | |
| cisco | prime_security_manager | 9.2 | |
| cisco | prime_security_manager | 9.2.1-1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:prime_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "457CCC35-449B-4002-89FB-3D22BD4F34A8",
"versionEndIncluding": "9.2.1-2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_security_manager:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62F52A82-C8A8-4692-9232-E4ACE5714BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_security_manager:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6919AA10-28A4-46BD-A491-0C0130B4C385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_security_manager:9.1.2-29:*:*:*:*:*:*:*",
"matchCriteriaId": "308EBED0-E069-4B8D-BE7B-5FB3940491FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_security_manager:9.1.2-42:*:*:*:*:*:*:*",
"matchCriteriaId": "657AC52E-EF40-49D9-A0F9-F9BDA8A67B4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_security_manager:9.1.3-8:*:*:*:*:*:*:*",
"matchCriteriaId": "B7FBB326-9011-434D-B142-5C6B1F422442",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_security_manager:9.1.3-10:*:*:*:*:*:*:*",
"matchCriteriaId": "91D0E148-44D5-4A48-B33B-E5D891AC7F56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_security_manager:9.1.3-13:*:*:*:*:*:*:*",
"matchCriteriaId": "6D123EB5-1B8F-484B-818D-FD221E7531FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_security_manager:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B316BD78-7FCF-4A66-897B-000065AB5261",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_security_manager:9.2.1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB3F163F-4C7F-462A-8229-1D98C85B7D59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun50687."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en documentos HTML relacionados con el cuadro de mandos en Cisco Prime Security Manager (tambi\u00e9n conocido como PRSM) 9.2(.1-2) y anteriores permiten a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de par\u00e1metros no especificados, tambi\u00e9n conocido como Bug ID CSCun50687."
}
],
"id": "CVE-2014-2118",
"lastModified": "2024-11-21T02:05:41.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-03-27T21:55:09.127",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2118"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33542"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securityfocus.com/bid/66488"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1029968"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/66488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1029968"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-12 01:59
Modified
2024-11-21 02:07
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Prime Security Manager (PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via crafted input to the (1) Dashboard or (2) Configure Realm page, aka Bug ID CSCuo94808.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | prime_security_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:prime_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "457CCC35-449B-4002-89FB-3D22BD4F34A8",
"versionEndIncluding": "9.2.1-2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Prime Security Manager (PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via crafted input to the (1) Dashboard or (2) Configure Realm page, aka Bug ID CSCuo94808."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en Cisco Prime Security Manager (PRSM) 9.2(.1-2) y anteriores permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de entradas manipuladas en la p\u00e1gina (1) Dashboard o (2) Configure Realm, tambi\u00e9n conocido como Bug ID CSCuo94808."
}
],
"id": "CVE-2014-3365",
"lastModified": "2024-11-21T02:07:56.993",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-02-12T01:59:19.030",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3365"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37418"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1031716"
},
{
"source": "ykramarz@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37418"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031716"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100756"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-12 23:55
Modified
2024-11-21 01:43
Severity ?
Summary
The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for Adaptive Security Appliances (ASA) devices, and Prime Security Manager (aka PRSM) before 9.0.2-103, allows remote attackers to cause a denial of service (disk consumption and application hang) via unspecified IPv4 packets that trigger log entries, aka Bug ID CSCub70603.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | asa_cx_context-aware_security | * | |
| cisco | prime_security_manager | * | |
| cisco | adaptive_security_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:asa_cx_context-aware_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "718CFC7B-4DE5-41A2-A8BD-4745B60CC472",
"versionEndIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDB591F-AB83-4968-BCA7-D5EA7196BDE3",
"versionEndIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D80DB80-F243-469B-993F-E368B092B3C5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for Adaptive Security Appliances (ASA) devices, and Prime Security Manager (aka PRSM) before 9.0.2-103, allows remote attackers to cause a denial of service (disk consumption and application hang) via unspecified IPv4 packets that trigger log entries, aka Bug ID CSCub70603."
},
{
"lang": "es",
"value": "El m\u00f3dulo Cisco ASA-CX Context-Aware Security antes de v9.0.2-103 para dispositivos Adaptive Security Appliances (ASA) y Prime Security Manager (tambi\u00e9n conocidos como PRSM) antes de v9.0.2-103, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de disco y cuelgue de la aplicaci\u00f3n), a trav\u00e9s de paquetes IPv4 que activan entradas de registro. Tambi\u00e9n conocido como Bug ID CSCub70603"
}
],
"id": "CVE-2012-4629",
"lastModified": "2024-11-21T01:43:17.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-12T23:55:00.853",
"references": [
{
"source": "ykramarz@cisco.com",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-asacx"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securityfocus.com/bid/55515"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-asacx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55515"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2012-4629
Vulnerability from cvelistv5
Published
2012-09-12 23:00
Modified
2024-08-06 20:42
Severity ?
EPSS score ?
Summary
The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for Adaptive Security Appliances (ASA) devices, and Prime Security Manager (aka PRSM) before 9.0.2-103, allows remote attackers to cause a denial of service (disk consumption and application hang) via unspecified IPv4 packets that trigger log entries, aka Bug ID CSCub70603.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-asacx | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/55515 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:54.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20120912 Cisco ASA-CX and Cisco PRSM Log Retention Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-asacx"
},
{
"name": "55515",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55515"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for Adaptive Security Appliances (ASA) devices, and Prime Security Manager (aka PRSM) before 9.0.2-103, allows remote attackers to cause a denial of service (disk consumption and application hang) via unspecified IPv4 packets that trigger log entries, aka Bug ID CSCub70603."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-23T18:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20120912 Cisco ASA-CX and Cisco PRSM Log Retention Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-asacx"
},
{
"name": "55515",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55515"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-4629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for Adaptive Security Appliances (ASA) devices, and Prime Security Manager (aka PRSM) before 9.0.2-103, allows remote attackers to cause a denial of service (disk consumption and application hang) via unspecified IPv4 packets that trigger log entries, aka Bug ID CSCub70603."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120912 Cisco ASA-CX and Cisco PRSM Log Retention Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-asacx"
},
{
"name": "55515",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55515"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2012-4629",
"datePublished": "2012-09-12T23:00:00",
"dateReserved": "2012-08-24T00:00:00",
"dateUpdated": "2024-08-06T20:42:54.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3365
Vulnerability from cvelistv5
Published
2015-02-12 01:00
Modified
2024-08-06 10:43
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Prime Security Manager (PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via crafted input to the (1) Dashboard or (2) Configure Realm page, aka Bug ID CSCuo94808.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/viewAlert.x?alertId=37418 | x_refsource_CONFIRM | |
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3365 | vendor-advisory, x_refsource_CISCO | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/100756 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id/1031716 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37418"
},
{
"name": "20150209 Cisco Prime Security Manager Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3365"
},
{
"name": "cisco-prime-cve20143365-xss(100756)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100756"
},
{
"name": "1031716",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031716"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Prime Security Manager (PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via crafted input to the (1) Dashboard or (2) Configure Realm page, aka Bug ID CSCuo94808."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37418"
},
{
"name": "20150209 Cisco Prime Security Manager Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3365"
},
{
"name": "cisco-prime-cve20143365-xss(100756)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100756"
},
{
"name": "1031716",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031716"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3365",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Prime Security Manager (PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via crafted input to the (1) Dashboard or (2) Configure Realm page, aka Bug ID CSCuo94808."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37418",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37418"
},
{
"name": "20150209 Cisco Prime Security Manager Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3365"
},
{
"name": "cisco-prime-cve20143365-xss(100756)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100756"
},
{
"name": "1031716",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031716"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-3365",
"datePublished": "2015-02-12T01:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2118
Vulnerability from cvelistv5
Published
2014-03-27 21:00
Modified
2024-08-06 10:06
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun50687.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/66488 | vdb-entry, x_refsource_BID | |
| http://tools.cisco.com/security/center/viewAlert.x?alertId=33542 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1029968 | vdb-entry, x_refsource_SECTRACK | |
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2118 | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:06:00.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "66488",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66488"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33542"
},
{
"name": "1029968",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029968"
},
{
"name": "20140327 Cisco Prime Security Manager Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2118"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun50687."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-04T16:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "66488",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66488"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33542"
},
{
"name": "1029968",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029968"
},
{
"name": "20140327 Cisco Prime Security Manager Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2118"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-2118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun50687."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "66488",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66488"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33542",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33542"
},
{
"name": "1029968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029968"
},
{
"name": "20140327 Cisco Prime Security Manager Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2118"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-2118",
"datePublished": "2014-03-27T21:00:00",
"dateReserved": "2014-02-25T00:00:00",
"dateUpdated": "2024-08-06T10:06:00.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-1301
Vulnerability from cvelistv5
Published
2016-02-07 11:00
Modified
2024-08-05 22:48
Severity ?
EPSS score ?
Summary
The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1034927 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1034926 | vdb-entry, x_refsource_SECTRACK | |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-prsm | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1034927",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034927"
},
{
"name": "1034926",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034926"
},
{
"name": "20160203 Cisco ASA-CX and Cisco Prime Security Manager Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-prsm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1034927",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034927"
},
{
"name": "1034926",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034926"
},
{
"name": "20160203 Cisco ASA-CX and Cisco Prime Security Manager Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-prsm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034927",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034927"
},
{
"name": "1034926",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034926"
},
{
"name": "20160203 Cisco ASA-CX and Cisco Prime Security Manager Privilege Escalation Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-prsm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2016-1301",
"datePublished": "2016-02-07T11:00:00",
"dateReserved": "2016-01-04T00:00:00",
"dateUpdated": "2024-08-05T22:48:13.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3364
Vulnerability from cvelistv5
Published
2014-12-13 00:00
Modified
2024-08-06 10:43
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Prime Security Manager (aka PRSM) 9.2.1-2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) Access Policies or (2) Device Summary Dashboard parameter, aka Bug ID CSCuq80661.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/viewAlert.x?alertId=36741 | x_refsource_CONFIRM | |
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3364 | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36741"
},
{
"name": "20141212 Cisco Prime Security Manager Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3364"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Prime Security Manager (aka PRSM) 9.2.1-2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) Access Policies or (2) Device Summary Dashboard parameter, aka Bug ID CSCuq80661."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-13T00:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36741"
},
{
"name": "20141212 Cisco Prime Security Manager Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3364"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Prime Security Manager (aka PRSM) 9.2.1-2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) Access Policies or (2) Device Summary Dashboard parameter, aka Bug ID CSCuq80661."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36741",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36741"
},
{
"name": "20141212 Cisco Prime Security Manager Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3364"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-3364",
"datePublished": "2014-12-13T00:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}