Cisco

Prime Service Catalog

15 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2022-20680

  • EPSS 0.32%
  • Published 10.02.2022 18:15:08
  • Last modified 21.11.2024 06:43:18

A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper enforcement of Administrat...

10

CVE-2021-44228

Warning Exploit
  • EPSS 94.36%
  • Published 10.12.2021 10:15:09
  • Last modified 08.08.2025 18:52:00

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An atta...

8.8

CVE-2019-1874

  • EPSS 0.68%
  • Published 20.06.2019 03:15:12
  • Last modified 21.11.2024 04:37:35

A vulnerability in the web-based management interface of Cisco Prime Service Catalog Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to ins...

4.8

CVE-2019-1875

  • EPSS 0.16%
  • Published 20.06.2019 03:15:12
  • Last modified 21.11.2024 04:37:35

A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to i...

5.4

CVE-2018-15451

  • EPSS 0.14%
  • Published 08.11.2018 20:29:00
  • Last modified 21.11.2024 03:50:49

A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability ...

6.5

CVE-2018-0285

  • EPSS 0.88%
  • Published 02.05.2018 22:29:01
  • Last modified 21.11.2024 03:37:53

A vulnerability in service logging for Cisco Prime Service Catalog could allow an authenticated, remote attacker to deny service to the user interface. The vulnerability is due to exhaustion of disk space. An attacker could exploit this vulnerability...

6.1

CVE-2018-0200

  • EPSS 0.17%
  • Published 22.02.2018 00:29:00
  • Last modified 21.11.2024 03:37:43

A vulnerability in the web-based interface of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based interface of an affected product. The v...

8.8

CVE-2018-0107

  • EPSS 0.33%
  • Published 18.01.2018 06:29:01
  • Last modified 21.11.2024 03:37:32

A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection....

6.5

CVE-2017-12364

  • EPSS 0.33%
  • Published 30.11.2017 09:29:01
  • Last modified 20.04.2025 01:37:25

A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries. The vulnerability is due to a failure to validate user-...

6.1

CVE-2017-3866

  • EPSS 0.29%
  • Published 17.03.2017 22:59:00
  • Last modified 20.04.2025 01:37:25

A vulnerability in the web framework code of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CS...