All the vulnerabilites related to cisco - security_monitoring_analysis_and_response_system
cve-2007-0397
Vulnerability from cvelistv5
Published
2007-01-20 01:00
Modified
2024-08-07 12:19
Severity ?
EPSS score ?
Summary
The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1017535 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/22111 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/32720 | vdb-entry, x_refsource_OSVDB | |
| http://www.vupen.com/english/advisories/2007/0245 | vdb-entry, x_refsource_VUPEN | |
| http://securitytracker.com/id?1017536 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/23836 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/31567 | vdb-entry, x_refsource_XF | |
| http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:19:29.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1017535",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017535"
},
{
"name": "22111",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22111"
},
{
"name": "32720",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/32720"
},
{
"name": "ADV-2007-0245",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0245"
},
{
"name": "1017536",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017536"
},
{
"name": "23836",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23836"
},
{
"name": "cisco-csmars-asdm-device-spoofing(31567)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31567"
},
{
"name": "20070118 SSL/TLS Certificate and SSH Public Key Validation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1017535",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017535"
},
{
"name": "22111",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22111"
},
{
"name": "32720",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/32720"
},
{
"name": "ADV-2007-0245",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0245"
},
{
"name": "1017536",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017536"
},
{
"name": "23836",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23836"
},
{
"name": "cisco-csmars-asdm-device-spoofing(31567)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31567"
},
{
"name": "20070118 SSL/TLS Certificate and SSH Public Key Validation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017535",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017535"
},
{
"name": "22111",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22111"
},
{
"name": "32720",
"refsource": "OSVDB",
"url": "http://osvdb.org/32720"
},
{
"name": "ADV-2007-0245",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0245"
},
{
"name": "1017536",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017536"
},
{
"name": "23836",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23836"
},
{
"name": "cisco-csmars-asdm-device-spoofing(31567)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31567"
},
{
"name": "20070118 SSL/TLS Certificate and SSH Public Key Validation Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0397",
"datePublished": "2007-01-20T01:00:00",
"dateReserved": "2007-01-19T00:00:00",
"dateUpdated": "2024-08-07T12:19:29.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1140
Vulnerability from cvelistv5
Published
2013-03-06 11:00
Modified
2024-09-17 02:21
Severity ?
EPSS score ?
Summary
The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCue55093.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1140 | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:49:20.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130304 Cisco MARS Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1140"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCue55093."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-06T11:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20130304 Cisco MARS Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1140"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-1140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCue55093."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130304 Cisco MARS Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1140"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-1140",
"datePublished": "2013-03-06T11:00:00Z",
"dateReserved": "2013-01-11T00:00:00Z",
"dateUpdated": "2024-09-17T02:21:00.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3733
Vulnerability from cvelistv5
Published
2006-07-19 23:00
Modified
2024-08-07 18:39
Severity ?
EPSS score ?
Summary
jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/19071 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27811 | vdb-entry, x_refsource_XF | |
| http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml | vendor-advisory, x_refsource_CISCO | |
| http://secunia.com/advisories/21118 | third-party-advisory, x_refsource_SECUNIA | |
| http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html | mailing-list, x_refsource_FULLDISC | |
| http://www.vupen.com/english/advisories/2006/2887 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/19075 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/440641/100/100/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/27419 | vdb-entry, x_refsource_OSVDB | |
| http://securitytracker.com/id?1016537 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:53.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19071",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19071"
},
{
"name": "cisco-jboss-command-execution(27811)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27811"
},
{
"name": "20060719 Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS)",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml"
},
{
"name": "21118",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21118"
},
{
"name": "20060720 Cisco MARS \u003c 4.2.1 remote compromise",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html"
},
{
"name": "ADV-2006-2887",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2887"
},
{
"name": "19075",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19075"
},
{
"name": "20060720 Cisco MARS \u003c 4.2.1 remote compromise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440641/100/100/threaded"
},
{
"name": "27419",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27419"
},
{
"name": "1016537",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016537"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19071",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19071"
},
{
"name": "cisco-jboss-command-execution(27811)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27811"
},
{
"name": "20060719 Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS)",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml"
},
{
"name": "21118",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21118"
},
{
"name": "20060720 Cisco MARS \u003c 4.2.1 remote compromise",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html"
},
{
"name": "ADV-2006-2887",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2887"
},
{
"name": "19075",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19075"
},
{
"name": "20060720 Cisco MARS \u003c 4.2.1 remote compromise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440641/100/100/threaded"
},
{
"name": "27419",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27419"
},
{
"name": "1016537",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016537"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19071",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19071"
},
{
"name": "cisco-jboss-command-execution(27811)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27811"
},
{
"name": "20060719 Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS)",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml"
},
{
"name": "21118",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21118"
},
{
"name": "20060720 Cisco MARS \u003c 4.2.1 remote compromise",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html"
},
{
"name": "ADV-2006-2887",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2887"
},
{
"name": "19075",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19075"
},
{
"name": "20060720 Cisco MARS \u003c 4.2.1 remote compromise",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440641/100/100/threaded"
},
{
"name": "27419",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27419"
},
{
"name": "1016537",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016537"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3733",
"datePublished": "2006-07-19T23:00:00",
"dateReserved": "2006-07-19T00:00:00",
"dateUpdated": "2024-08-07T18:39:53.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5563
Vulnerability from cvelistv5
Published
2013-11-06 11:00
Modified
2024-09-16 16:48
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Query/NewQueryResult.jsp in Cisco Security Monitoring, Analysis and Response System (CS-MARS) allows remote attackers to inject arbitrary web script or HTML via the isnowLatency parameter, aka Bug ID CSCul16173.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2013-11/0016.html | mailing-list, x_refsource_BUGTRAQ | |
| http://research.smartnetsecurity.net/advisory/-smt-sa-2013-02-cisco-mars-cross-site-scripting-vulnerability | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:15:21.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20131104 Cisco Mars Cross-Site Scripting Vulnerability - CVE-2013-5563",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0016.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://research.smartnetsecurity.net/advisory/-smt-sa-2013-02-cisco-mars-cross-site-scripting-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Query/NewQueryResult.jsp in Cisco Security Monitoring, Analysis and Response System (CS-MARS) allows remote attackers to inject arbitrary web script or HTML via the isnowLatency parameter, aka Bug ID CSCul16173."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-06T11:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20131104 Cisco Mars Cross-Site Scripting Vulnerability - CVE-2013-5563",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0016.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://research.smartnetsecurity.net/advisory/-smt-sa-2013-02-cisco-mars-cross-site-scripting-vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-5563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Query/NewQueryResult.jsp in Cisco Security Monitoring, Analysis and Response System (CS-MARS) allows remote attackers to inject arbitrary web script or HTML via the isnowLatency parameter, aka Bug ID CSCul16173."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131104 Cisco Mars Cross-Site Scripting Vulnerability - CVE-2013-5563",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0016.html"
},
{
"name": "http://research.smartnetsecurity.net/advisory/-smt-sa-2013-02-cisco-mars-cross-site-scripting-vulnerability",
"refsource": "MISC",
"url": "http://research.smartnetsecurity.net/advisory/-smt-sa-2013-02-cisco-mars-cross-site-scripting-vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-5563",
"datePublished": "2013-11-06T11:00:00Z",
"dateReserved": "2013-08-22T00:00:00Z",
"dateUpdated": "2024-09-16T16:48:48.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2013-03-06 13:10
Modified
2024-11-21 01:48
Severity ?
Summary
The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCue55093.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | security_monitoring_analysis_and_response_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:security_monitoring_analysis_and_response_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9033AA05-35F6-466B-B7C2-7E6D17CE7137",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCue55093."
},
{
"lang": "es",
"value": "El analizador XML de Cisco Security Monitoring, Analysis, y Response System (MARS) permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s de una declaraci\u00f3n de entidad externa, en relaci\u00f3n con una referencia de entidad, relacionada con la entidad XML externo (XXE) expedir, tambi\u00e9n conocido como Bug ID CSCue55093."
}
],
"id": "CVE-2013-1140",
"lastModified": "2024-11-21T01:48:58.747",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-06T13:10:25.970",
"references": [
{
"source": "ykramarz@cisco.com",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1140"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-06 15:55
Modified
2024-11-21 01:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Query/NewQueryResult.jsp in Cisco Security Monitoring, Analysis and Response System (CS-MARS) allows remote attackers to inject arbitrary web script or HTML via the isnowLatency parameter, aka Bug ID CSCul16173.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | security_monitoring_analysis_and_response_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:security_monitoring_analysis_and_response_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9033AA05-35F6-466B-B7C2-7E6D17CE7137",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Query/NewQueryResult.jsp in Cisco Security Monitoring, Analysis and Response System (CS-MARS) allows remote attackers to inject arbitrary web script or HTML via the isnowLatency parameter, aka Bug ID CSCul16173."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-site scripting (XSS) en Query / NewQueryResult.jsp en Cisco Security Monitoring, Analysis and Response System (CS-MARS) que permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro isnowLatency, tambi\u00e9n conocido como Bug ID CSCul16173."
}
],
"id": "CVE-2013-5563",
"lastModified": "2024-11-21T01:57:42.673",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-11-06T15:55:06.827",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0016.html"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Exploit"
],
"url": "http://research.smartnetsecurity.net/advisory/-smt-sa-2013-02-cisco-mars-cross-site-scripting-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://research.smartnetsecurity.net/advisory/-smt-sa-2013-02-cisco-mars-cross-site-scripting-vulnerability"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-01-20 01:28
Modified
2024-11-21 00:25
Severity ?
Summary
The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | security_monitoring_analysis_and_response_system | 4.2.3 | |
| cisco | adaptive_security_appliance_device_manager | 5.2.53 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:security_monitoring_analysis_and_response_system:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7B60CEE1-D3EE-4C03-B47A-06E26BA08A3F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.53:*:*:*:*:*:*:*",
"matchCriteriaId": "378FF1D6-86D3-431C-927F-16FF6372529A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information."
},
{
"lang": "es",
"value": "El Cisco Security Monitoring, Analysis y Response System (CS-MARS) anterior 4.2.3 y Adaptive Security Device Manager (ASDM) anterior 5.2(2.54) no valida los certificados SSL/TLS o llaves p\u00fablicas SSH cuando se conectan dispositivos, lo cual permite a atacantes remotos suplantar a estos dispositivos obteniendo informaci\u00f3n sensible o generando informaci\u00f3n incorrecta."
}
],
"id": "CVE-2007-0397",
"lastModified": "2024-11-21T00:25:45.683",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-01-20T01:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/32720"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23836"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017535"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017536"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22111"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0245"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/32720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23836"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017535"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017536"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31567"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-07-21 14:03
Modified
2024-11-21 00:14
Severity ?
Summary
jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | security_monitoring_analysis_and_response_system | 4.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:security_monitoring_analysis_and_response_system:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42441750-8181-4945-B160-81B6A8837451",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name."
},
{
"lang": "es",
"value": "jmx-console/HtmlAdaptor en el jmx-console en el servidor de aplicaciones Web JBoss, como el que va incluido en Cisco Security Monitoring, Analysis and Response System (CS-MARS) anterior a 4.2.1, permite a atacantes remotos obtener privilegios como administrador CS-MARS y ejecutar c\u00f3digo Java de su elecci\u00f3n mediante la acci\u00f3n invokeOp en el nombre de servicio BSHDeployer jboss.scripts."
}
],
"id": "CVE-2006-3733",
"lastModified": "2024-11-21T00:14:17.973",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-07-21T14:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21118"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016537"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/27419"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/440641/100/100/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/19071"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/19075"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2887"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27811"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/27419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/440641/100/100/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/19071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19075"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27811"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}