Vulnerabilites related to cisco - security_monitoring_analysis_and_response_system
Vulnerability from fkie_nvd
Published
2006-07-21 14:03
Modified
2025-04-03 01:03
Severity ?
Summary
jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | security_monitoring_analysis_and_response_system | 4.2.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:security_monitoring_analysis_and_response_system:4.2.0:*:*:*:*:*:*:*", matchCriteriaId: "42441750-8181-4945-B160-81B6A8837451", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name.", }, { lang: "es", value: "jmx-console/HtmlAdaptor en el jmx-console en el servidor de aplicaciones Web JBoss, como el que va incluido en Cisco Security Monitoring, Analysis and Response System (CS-MARS) anterior a 4.2.1, permite a atacantes remotos obtener privilegios como administrador CS-MARS y ejecutar código Java de su elección mediante la acción invokeOp en el nombre de servicio BSHDeployer jboss.scripts.", }, ], id: "CVE-2006-3733", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2006-07-21T14:03:00.000", references: [ { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/21118", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1016537", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/27419", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/440641/100/100/threaded", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/19071", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/19075", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2006/2887", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/27811", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/21118", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1016537", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/27419", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/440641/100/100/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/19071", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/19075", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2006/2887", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/27811", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-11-06 15:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Query/NewQueryResult.jsp in Cisco Security Monitoring, Analysis and Response System (CS-MARS) allows remote attackers to inject arbitrary web script or HTML via the isnowLatency parameter, aka Bug ID CSCul16173.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | security_monitoring_analysis_and_response_system | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:security_monitoring_analysis_and_response_system:*:*:*:*:*:*:*:*", matchCriteriaId: "9033AA05-35F6-466B-B7C2-7E6D17CE7137", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Query/NewQueryResult.jsp in Cisco Security Monitoring, Analysis and Response System (CS-MARS) allows remote attackers to inject arbitrary web script or HTML via the isnowLatency parameter, aka Bug ID CSCul16173.", }, { lang: "es", value: "Vulnerabilidad Cross-site scripting (XSS) en Query / NewQueryResult.jsp en Cisco Security Monitoring, Analysis and Response System (CS-MARS) que permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro isnowLatency, también conocido como Bug ID CSCul16173.", }, ], id: "CVE-2013-5563", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2013-11-06T15:55:06.827", references: [ { source: "psirt@cisco.com", tags: [ "Exploit", ], url: "http://archives.neohapsis.com/archives/bugtraq/2013-11/0016.html", }, { source: "psirt@cisco.com", tags: [ "Exploit", ], url: "http://research.smartnetsecurity.net/advisory/-smt-sa-2013-02-cisco-mars-cross-site-scripting-vulnerability", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://archives.neohapsis.com/archives/bugtraq/2013-11/0016.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://research.smartnetsecurity.net/advisory/-smt-sa-2013-02-cisco-mars-cross-site-scripting-vulnerability", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-03-06 13:10
Modified
2025-04-11 00:51
Severity ?
Summary
The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCue55093.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | security_monitoring_analysis_and_response_system | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:security_monitoring_analysis_and_response_system:*:*:*:*:*:*:*:*", matchCriteriaId: "9033AA05-35F6-466B-B7C2-7E6D17CE7137", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCue55093.", }, { lang: "es", value: "El analizador XML de Cisco Security Monitoring, Analysis, y Response System (MARS) permite a atacantes remotos leer archivos de su elección a través de una declaración de entidad externa, en relación con una referencia de entidad, relacionada con la entidad XML externo (XXE) expedir, también conocido como Bug ID CSCue55093.", }, ], id: "CVE-2013-1140", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-03-06T13:10:25.970", references: [ { source: "psirt@cisco.com", url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1140", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1140", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-01-20 01:28
Modified
2025-04-09 00:30
Severity ?
Summary
The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | security_monitoring_analysis_and_response_system | 4.2.3 | |
| cisco | adaptive_security_appliance_device_manager | 5.2.53 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:security_monitoring_analysis_and_response_system:4.2.3:*:*:*:*:*:*:*", matchCriteriaId: "7B60CEE1-D3EE-4C03-B47A-06E26BA08A3F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.53:*:*:*:*:*:*:*", matchCriteriaId: "378FF1D6-86D3-431C-927F-16FF6372529A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.", }, { lang: "es", value: "El Cisco Security Monitoring, Analysis y Response System (CS-MARS) anterior 4.2.3 y Adaptive Security Device Manager (ASDM) anterior 5.2(2.54) no valida los certificados SSL/TLS o llaves públicas SSH cuando se conectan dispositivos, lo cual permite a atacantes remotos suplantar a estos dispositivos obteniendo información sensible o generando información incorrecta.", }, ], id: "CVE-2007-0397", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2007-01-20T01:28:00.000", references: [ { source: "cve@mitre.org", url: "http://osvdb.org/32720", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/23836", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1017535", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1017536", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/22111", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2007/0245", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/31567", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/32720", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/23836", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1017535", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1017536", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/22111", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2007/0245", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/31567", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
CVE-2007-0397 (GCVE-0-2007-0397)
Vulnerability from cvelistv5
Published
2007-01-20 01:00
Modified
2024-08-07 12:19
Severity ?
EPSS score ?
Summary
The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1017535 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/22111 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/32720 | vdb-entry, x_refsource_OSVDB | |
| http://www.vupen.com/english/advisories/2007/0245 | vdb-entry, x_refsource_VUPEN | |
| http://securitytracker.com/id?1017536 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/23836 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/31567 | vdb-entry, x_refsource_XF | |
| http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml | vendor-advisory, x_refsource_CISCO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T12:19:29.755Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1017535", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1017535", }, { name: "22111", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/22111", }, { name: "32720", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/32720", }, { name: "ADV-2007-0245", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/0245", }, { name: "1017536", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1017536", }, { name: "23836", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23836", }, { name: "cisco-csmars-asdm-device-spoofing(31567)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/31567", }, { name: "20070118 SSL/TLS Certificate and SSH Public Key Validation Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-01-18T00:00:00", descriptions: [ { lang: "en", value: "The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "1017535", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1017535", }, { name: "22111", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/22111", }, { name: "32720", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/32720", }, { name: "ADV-2007-0245", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/0245", }, { name: "1017536", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1017536", }, { name: "23836", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23836", }, { name: "cisco-csmars-asdm-device-spoofing(31567)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/31567", }, { name: "20070118 SSL/TLS Certificate and SSH Public Key Validation Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-0397", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1017535", refsource: "SECTRACK", url: "http://securitytracker.com/id?1017535", }, { name: "22111", refsource: "BID", url: "http://www.securityfocus.com/bid/22111", }, { name: "32720", refsource: "OSVDB", url: "http://osvdb.org/32720", }, { name: "ADV-2007-0245", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/0245", }, { name: "1017536", refsource: "SECTRACK", url: "http://securitytracker.com/id?1017536", }, { name: "23836", refsource: "SECUNIA", url: "http://secunia.com/advisories/23836", }, { name: "cisco-csmars-asdm-device-spoofing(31567)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/31567", }, { name: "20070118 SSL/TLS Certificate and SSH Public Key Validation Vulnerability", refsource: "CISCO", url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-0397", datePublished: "2007-01-20T01:00:00", dateReserved: "2007-01-19T00:00:00", dateUpdated: "2024-08-07T12:19:29.755Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2006-3733 (GCVE-0-2006-3733)
Vulnerability from cvelistv5
Published
2006-07-19 23:00
Modified
2024-08-07 18:39
Severity ?
EPSS score ?
Summary
jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/19071 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27811 | vdb-entry, x_refsource_XF | |
| http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml | vendor-advisory, x_refsource_CISCO | |
| http://secunia.com/advisories/21118 | third-party-advisory, x_refsource_SECUNIA | |
| http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html | mailing-list, x_refsource_FULLDISC | |
| http://www.vupen.com/english/advisories/2006/2887 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/19075 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/440641/100/100/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/27419 | vdb-entry, x_refsource_OSVDB | |
| http://securitytracker.com/id?1016537 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T18:39:53.796Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "19071", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/19071", }, { name: "cisco-jboss-command-execution(27811)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/27811", }, { name: "20060719 Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS)", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml", }, { name: "21118", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/21118", }, { name: "20060720 Cisco MARS < 4.2.1 remote compromise", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html", }, { name: "ADV-2006-2887", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/2887", }, { name: "19075", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/19075", }, { name: "20060720 Cisco MARS < 4.2.1 remote compromise", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/440641/100/100/threaded", }, { name: "27419", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/27419", }, { name: "1016537", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1016537", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2006-07-19T00:00:00", descriptions: [ { lang: "en", value: "jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-17T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "19071", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/19071", }, { name: "cisco-jboss-command-execution(27811)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/27811", }, { name: "20060719 Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS)", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml", }, { name: "21118", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/21118", }, { name: "20060720 Cisco MARS < 4.2.1 remote compromise", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html", }, { name: "ADV-2006-2887", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/2887", }, { name: "19075", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/19075", }, { name: "20060720 Cisco MARS < 4.2.1 remote compromise", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/440641/100/100/threaded", }, { name: "27419", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/27419", }, { name: "1016537", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1016537", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2006-3733", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "19071", refsource: "BID", url: "http://www.securityfocus.com/bid/19071", }, { name: "cisco-jboss-command-execution(27811)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/27811", }, { name: "20060719 Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS)", refsource: "CISCO", url: "http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml", }, { name: "21118", refsource: "SECUNIA", url: "http://secunia.com/advisories/21118", }, { name: "20060720 Cisco MARS < 4.2.1 remote compromise", refsource: "FULLDISC", url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html", }, { name: "ADV-2006-2887", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2006/2887", }, { name: "19075", refsource: "BID", url: "http://www.securityfocus.com/bid/19075", }, { name: "20060720 Cisco MARS < 4.2.1 remote compromise", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/440641/100/100/threaded", }, { name: "27419", refsource: "OSVDB", url: "http://www.osvdb.org/27419", }, { name: "1016537", refsource: "SECTRACK", url: "http://securitytracker.com/id?1016537", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2006-3733", datePublished: "2006-07-19T23:00:00", dateReserved: "2006-07-19T00:00:00", dateUpdated: "2024-08-07T18:39:53.796Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2013-5563 (GCVE-0-2013-5563)
Vulnerability from cvelistv5
Published
2013-11-06 11:00
Modified
2024-09-16 16:48
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Query/NewQueryResult.jsp in Cisco Security Monitoring, Analysis and Response System (CS-MARS) allows remote attackers to inject arbitrary web script or HTML via the isnowLatency parameter, aka Bug ID CSCul16173.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2013-11/0016.html | mailing-list, x_refsource_BUGTRAQ | |
| http://research.smartnetsecurity.net/advisory/-smt-sa-2013-02-cisco-mars-cross-site-scripting-vulnerability | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T17:15:21.505Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20131104 Cisco Mars Cross-Site Scripting Vulnerability - CVE-2013-5563", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2013-11/0016.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://research.smartnetsecurity.net/advisory/-smt-sa-2013-02-cisco-mars-cross-site-scripting-vulnerability", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Query/NewQueryResult.jsp in Cisco Security Monitoring, Analysis and Response System (CS-MARS) allows remote attackers to inject arbitrary web script or HTML via the isnowLatency parameter, aka Bug ID CSCul16173.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-11-06T11:00:00Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20131104 Cisco Mars Cross-Site Scripting Vulnerability - CVE-2013-5563", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2013-11/0016.html", }, { tags: [ "x_refsource_MISC", ], url: "http://research.smartnetsecurity.net/advisory/-smt-sa-2013-02-cisco-mars-cross-site-scripting-vulnerability", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2013-5563", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Query/NewQueryResult.jsp in Cisco Security Monitoring, Analysis and Response System (CS-MARS) allows remote attackers to inject arbitrary web script or HTML via the isnowLatency parameter, aka Bug ID CSCul16173.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20131104 Cisco Mars Cross-Site Scripting Vulnerability - CVE-2013-5563", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2013-11/0016.html", }, { name: "http://research.smartnetsecurity.net/advisory/-smt-sa-2013-02-cisco-mars-cross-site-scripting-vulnerability", refsource: "MISC", url: "http://research.smartnetsecurity.net/advisory/-smt-sa-2013-02-cisco-mars-cross-site-scripting-vulnerability", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2013-5563", datePublished: "2013-11-06T11:00:00Z", dateReserved: "2013-08-22T00:00:00Z", dateUpdated: "2024-09-16T16:48:48.913Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2013-1140 (GCVE-0-2013-1140)
Vulnerability from cvelistv5
Published
2013-03-06 11:00
Modified
2024-09-17 02:21
Severity ?
EPSS score ?
Summary
The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCue55093.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1140 | vendor-advisory, x_refsource_CISCO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T14:49:20.690Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20130304 Cisco MARS Information Disclosure Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1140", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCue55093.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-03-06T11:00:00Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20130304 Cisco MARS Information Disclosure Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1140", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2013-1140", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCue55093.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20130304 Cisco MARS Information Disclosure Vulnerability", refsource: "CISCO", url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1140", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2013-1140", datePublished: "2013-03-06T11:00:00Z", dateReserved: "2013-01-11T00:00:00Z", dateUpdated: "2024-09-17T02:21:00.176Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }