Unified Computing System Central Software
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1352 | Cri | 0.64 | 9.8 | 0.02 | Apr 14, 2016 | Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856. | ||
| CVE-2018-0338 | Hig | 0.51 | 7.8 | 0.00 | Jun 7, 2018 | A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper… | ||
| CVE-2016-1401 | Med | 0.40 | 6.1 | 0.01 | May 21, 2016 | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250. | ||
| CVE-2017-12349 | Med | 0.35 | 5.4 | 0.01 | Nov 30, 2017 | Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface.… | ||
| CVE-2017-12348 | Med | 0.35 | 5.4 | 0.01 | Nov 30, 2017 | Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface.… | ||
| CVE-2024-20280 | 0.00 | — | 0.00 | Oct 16, 2024 | A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption… | |||
| CVE-2021-1354 | 0.00 | — | 0.00 | Feb 4, 2021 | A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate… | |||
| CVE-2015-6388 | 0.00 | — | 0.02 | Dec 5, 2015 | Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCux33575. | |||
| CVE-2015-6387 | 0.00 | — | 0.01 | Dec 5, 2015 | Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573. | |||
| CVE-2015-4286 | 0.00 | — | 0.02 | Jul 29, 2015 | The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377. | |||
| CVE-2015-0701 | 0.00 | — | 0.05 | May 7, 2015 | Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961. | |||
| CVE-2014-0730 | 0.00 | — | 0.00 | Feb 22, 2014 | Cisco Unified Computing System (UCS) Central Software 1.1 and earlier allows local users to gain privileges via a CLI copy command in a local-mgmt context, aka Bug ID CSCul53128. | |||
| CVE-2013-1198 | 0.00 | — | 0.01 | Apr 29, 2013 | Cross-site scripting (XSS) vulnerability in a Flash component in Cisco Unified Computing System (UCS) Central allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud15430. |
- risk 0.64cvss 9.8epss 0.02
Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856.
- risk 0.51cvss 7.8epss 0.00
A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper…
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250.
- risk 0.35cvss 5.4epss 0.01
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface.…
- risk 0.35cvss 5.4epss 0.01
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface.…
- CVE-2024-20280Oct 16, 2024risk 0.00cvss —epss 0.00
A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption…
- CVE-2021-1354Feb 4, 2021risk 0.00cvss —epss 0.00
A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate…
- CVE-2015-6388Dec 5, 2015risk 0.00cvss —epss 0.02
Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCux33575.
- CVE-2015-6387Dec 5, 2015risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573.
- CVE-2015-4286Jul 29, 2015risk 0.00cvss —epss 0.02
The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377.
- CVE-2015-0701May 7, 2015risk 0.00cvss —epss 0.05
Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961.
- CVE-2014-0730Feb 22, 2014risk 0.00cvss —epss 0.00
Cisco Unified Computing System (UCS) Central Software 1.1 and earlier allows local users to gain privileges via a CLI copy command in a local-mgmt context, aka Bug ID CSCul53128.
- CVE-2013-1198Apr 29, 2013risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in a Flash component in Cisco Unified Computing System (UCS) Central allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud15430.