|
246981
|
6.1 |
MEDIUM
Network
|
cisco
|
data_center_analytics_framework
|
A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site script…
|
CWE-79
Cross-site Scripting
|
CVE-2018-0145
|
2024-11-21 12:37 |
2018-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246982
|
8.6 |
HIGH
Network
|
cisco
|
unified_customer_voice_portal
|
A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause the IVR …
|
NVD-CWE-Other
|
CVE-2018-0139
|
2024-11-21 12:37 |
2018-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246983
|
9.8 |
CRITICAL
Network
|
cisco
|
virtual_managed_services
|
A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative acce…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2018-0130
|
2024-11-21 12:37 |
2018-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246984
|
9.8 |
CRITICAL
Network
|
cisco
|
unified_communications_domain_manager
|
A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. Th…
|
CWE-320
Key Management Errors
|
CVE-2018-0124
|
2024-11-21 12:37 |
2018-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246985
|
9.8 |
CRITICAL
Network
|
cisco
|
elastic_services_controller
virtual_managed_services
|
A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to bypass authenticat…
|
CWE-287
Improper Authentication
|
CVE-2018-0121
|
2024-11-21 12:37 |
2018-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246986
|
7.2 |
HIGH
Network
|
schneider-electric
|
struxureon_gateway
|
A remote code execution vulnerability exists in Schneider Electric's StruxureOn Gateway versions 1.1.3 and prior. Uploading a zip which contains carefully crafted metadata allows for the file to be u…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-9970
|
2024-11-21 12:37 |
2018-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246987
|
6.7 |
MEDIUM
Local
|
schneider-electric
|
igss_mobile
|
An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in expo…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2017-9969
|
2024-11-21 12:37 |
2018-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246988
|
5.9 |
MEDIUM
Network
|
schneider-electric
|
igss_mobile
|
A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application versions 3.01 and prior in which a lack of certificate pinning during the TLS/SSL connection establish…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-9968
|
2024-11-21 12:37 |
2018-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246989
|
7.8 |
HIGH
Local
|
schneider-electric
|
interactive_graphical_scada_system
|
A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior. Security configuration settings such as Address Space Layout Randomization (ASLR) a…
|
NVD-CWE-noinfo
|
CVE-2017-9967
|
2024-11-21 12:37 |
2018-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246990
|
8.1 |
HIGH
Network
|
schneider-electric
|
powerscada_anywhere
|
A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2…
|
CWE-352
Origin Validation Error
|
CVE-2017-9963
|
2024-11-21 12:37 |
2018-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
