VYPR

Unified Computing System Director

by Cisco Systems, Inc.

CVEs (14)

  • CVE-2018-0238CriApr 19, 2018
    risk 0.65cvss 9.9epss 0.05

    A vulnerability in the role-based resource checking functionality of the Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in the UCS Director end-user portal and perform any…

  • CVE-2017-3801HigFeb 15, 2017
    risk 0.57cvss 8.8epss 0.00

    A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. The vulnerability is due to improper role-based…

  • CVE-2018-15405MedOct 5, 2018
    risk 0.42cvss 6.5epss 0.02

    A vulnerability in the web interface for specific feature sets of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to an authorization check that…

  • CVE-2018-15404MedOct 5, 2018
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient…

  • CVE-2018-15406MedOct 5, 2018
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due…

  • CVE-2017-3868MedMar 17, 2017
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc44344.…

  • CVE-2017-3817MedApr 7, 2017
    risk 0.28cvss 4.3epss 0.01

    A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in a UCS domain. More Information: CSCvc32434. Known Affected…

  • CVE-2019-1935Aug 21, 2019
    risk 0.10cvss epss 0.83

    A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which…

  • CVE-2019-1937Aug 21, 2019
    risk 0.10cvss epss 0.76

    A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator…

  • CVE-2019-1936Aug 21, 2019
    risk 0.08cvss epss 0.39

    A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an authenticated, remote attacker to execute arbitrary commands on the underlying Linux…

  • CVE-2019-1974Aug 21, 2019
    risk 0.01cvss epss 0.04

    A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an…

  • CVE-2019-1938Aug 21, 2019
    risk 0.00cvss epss 0.05

    A vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The…

  • CVE-2019-12634Aug 21, 2019
    risk 0.00cvss epss 0.02

    A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The…

  • CVE-2015-6259Sep 4, 2015
    risk 0.00cvss epss 0.03

    The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka…