Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
secure access control server solution engine vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2015-0700
Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine prior to 5.5(0.46.5) allows remote malicious users to hijack the authentication of arbitrary users, aka Bug ID CSCuj629...
Cisco Secure Access Control Server Solution Engine 5.5.0.36
Cisco Secure Access Control Server Solution Engine 5.5.0.46.4
Cisco Secure Access Control Server Solution Engine 5.4.0.46.6
4
CVSSv2
CVE-2013-3380
The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279.
Cisco Secure Access Control Server Solution Engine -
6.5
CVSSv2
CVE-2015-6345
SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700.
Cisco Secure Access Control Server 5.7.0.15
4
CVSSv2
CVE-2015-6347
The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page.
Cisco Secure Access Control Server 5.7.0.15
4.3
CVSSv2
CVE-2015-6349
Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote malicious users to inject arbitrary web script or HTML via a crafted URL.
Cisco Secure Access Control Server 5.7.0.15
4
CVSSv2
CVE-2015-6348
The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page.
Cisco Secure Access Control Server 5.7.0.15
3.5
CVSSv2
CVE-2018-0414
A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote malicious user to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsi...
Cisco Secure Access Control Server Solution Engine 5.8
Cisco Secure Access Control Server Solution Engine
10
CVSSv2
CVE-2006-4098
Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows prior to 4.1 and ACS Solution Engine prior to 4.1 allows remote malicious users to execute arbitrary code via a crafted RADIUS Accounting-Request packet.
Cisco Secure Access Control Server 3.0
Cisco Secure Access Control Server 3.1
Cisco Secure Access Control Server 3.2.2
Cisco Secure Access Control Server 3.3
Cisco Secure Access Control Server 3.2\\(1.20\\)
Cisco Secure Access Control Server 3.2\\(2\\)
Cisco Secure Access Control Server 4.0
Cisco Secure Access Control Server 4.0.1
Cisco Secure Access Control Server 3.2\\(3\\)
Cisco Secure Access Control Server 3.2.1
Cisco Secure Access Control Server 3.2
Cisco Secure Access Control Server 3.2\\(1\\)
Cisco Secure Access Control Server 3.3\\(1\\)
Cisco Secure Access Control Server 3.3.1
Cisco Secure Access Control Server 3.3.2
7.8
CVSSv2
CVE-2006-4097
Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows prior to 4.1 and ACS Solution Engine prior to 4.1 allow remote malicious users to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOT...
Cisco Secure Access Control Server 4.1
Cisco Secure Access Control Server
7.5
CVSSv2
CVE-2004-1460
Cisco Secure Access Control Server (ACS) 3.2(3) and previous versions, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote malicious users to gain unauthorized access to AAA clients via a blank password.
Cisco Secure Access Control Server 3.0
Cisco Secure Access Control Server 3.1
Cisco Secure Access Control Server 3.2
Cisco Secure Acs Solution Engine
Cisco Secure Access Control Server 3.3
Cisco Secure Access Control Server 3.3\\(1\\)
Cisco Secure Access Control Server 3.2\\(1\\)
Cisco Secure Access Control Server 3.2\\(2\\)
Cisco Secure Access Control Server 3.2\\(3\\)
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »