VYPR

Application Policy Infrastructure Controller \(apic\)

by Cisco Systems, Inc.

CVEs (31)

  • CVE-2019-1838MedMay 3, 2019
    risk 0.35cvss 5.4epss 0.01

    A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected…

  • CVE-2019-1692MedMay 3, 2019
    risk 0.35cvss 5.3epss 0.01

    A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, remote attacker to access sensitive system usage information. The vulnerability is due to a lack of proper data protection…

  • CVE-2025-20117MedFeb 26, 2025
    risk 0.33cvss 5.1epss 0.00

    A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. …

  • CVE-2025-20116MedFeb 26, 2025
    risk 0.31cvss 4.8epss 0.00

    A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper input…

  • CVE-2019-1586MedMay 3, 2019
    risk 0.30cvss 4.6epss 0.00

    A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device. The vulnerability is due to insecure removal of cleartext encryption…

  • CVE-2025-20118MedFeb 26, 2025
    risk 0.29cvss 4.4epss 0.00

    A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. …

  • CVE-2024-20279MedAug 28, 2024
    risk 0.28cvss 4.3epss 0.00

    A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to modify the behavior of default system policies, such as quality of service (QoS) policies, on an…

  • CVE-2019-1587MedMay 3, 2019
    risk 0.28cvss 4.3epss 0.01

    A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, remote attacker to access sensitive information. The vulnerability occurs because the affected software does not properly validate…

  • CVE-2015-6424Dec 18, 2015
    risk 0.00cvss epss 0.00

    The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via unspecified vectors, aka Bug ID CSCuu83985.

  • CVE-2015-4235Jul 24, 2015
    risk 0.00cvss epss 0.02

    Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3o) and 1.1 before 1.1(1j) and Nexus 9000 ACI devices with software before 11.0(4o) and 11.1 before 11.1(1j) do not properly restrict access to the APIC filesystem, which allows remote…

  • CVE-2015-4225Jun 27, 2015
    risk 0.00cvss epss 0.01

    Cisco Application Policy Infrastructure Controller (APIC) 1.0(1.110a) and 1.0(1e) on Nexus 9000 devices does not properly implement RBAC health scoring, which allows remote authenticated users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuq77485.

Page 2 of 2