Vulnerabilities (CVE)

Filtered by vendor Cisco Subscribe
Filtered by product Secure Access Control Server Solution Engine
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-0414 1 Cisco 1 Secure Access Control Server Solution Engine 2024-11-21 3.5 LOW 5.7 MEDIUM
A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file.
CVE-2018-0218 1 Cisco 1 Secure Access Control Server Solution Engine 2024-11-21 4.3 MEDIUM 3.3 LOW
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. Cisco Bug IDs: CSCve70616.
CVE-2018-0207 1 Cisco 1 Secure Access Control Server Solution Engine 2024-11-21 4.3 MEDIUM 3.3 LOW
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. Cisco Bug IDs: CSCve70595.
CVE-2015-0700 1 Cisco 1 Secure Access Control Server Solution Engine 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924.
CVE-2013-3380 1 Cisco 1 Secure Access Control Server Solution Engine 2024-11-21 4.0 MEDIUM N/A
The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279.