VYPR

Integrated Management Controller Supervisor

by Cisco Systems, Inc.

CVEs (18)

  • CVE-2017-6616HigApr 20, 2017
    risk 0.58cvss 8.8epss 0.04

    A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize…

  • CVE-2018-0148HigFeb 22, 2018
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller (IMC) Supervisor Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary…

  • CVE-2017-6619HigApr 20, 2017
    risk 0.57cvss 8.8epss 0.03

    A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize…

  • CVE-2018-15405MedOct 5, 2018
    risk 0.42cvss 6.5epss 0.02

    A vulnerability in the web interface for specific feature sets of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to an authorization check that…

  • CVE-2018-15404MedOct 5, 2018
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient…

  • CVE-2017-6618MedApr 20, 2017
    risk 0.35cvss 5.4epss 0.01

    A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input by the affected…

  • CVE-2017-6617MedApr 20, 2017
    risk 0.35cvss 5.4epss 0.01

    A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists…

  • CVE-2018-0149MedJun 7, 2018
    risk 0.31cvss 4.8epss 0.01

    A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting…

  • CVE-2019-1935Aug 21, 2019
    risk 0.10cvss epss 0.83

    A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which…

  • CVE-2019-1937Aug 21, 2019
    risk 0.10cvss epss 0.76

    A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator…

  • CVE-2019-1936Aug 21, 2019
    risk 0.08cvss epss 0.39

    A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an authenticated, remote attacker to execute arbitrary commands on the underlying Linux…

  • CVE-2019-1974Aug 21, 2019
    risk 0.01cvss epss 0.04

    A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an…

  • CVE-2020-3329May 6, 2020
    risk 0.00cvss epss 0.01

    A vulnerability in role-based access control of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow a read-only authenticated, remote attacker to disable user accounts on an affected system. The…

  • CVE-2019-12634Aug 21, 2019
    risk 0.00cvss epss 0.02

    A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The…

  • CVE-2018-15447Nov 8, 2018
    risk 0.00cvss epss 0.02

    A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries.…

  • CVE-2015-6399Dec 15, 2015
    risk 0.00cvss epss 0.02

    The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted parameters in an HTTP request, aka Bug ID CSCuv38286.

  • CVE-2015-6259Sep 4, 2015
    risk 0.00cvss epss 0.03

    The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka…

  • CVE-2014-8003Dec 10, 2014
    risk 0.00cvss epss 0.00

    Cisco Integrated Management Controller in Cisco Unified Computing System 2.2(2c)A and earlier allows local users to obtain shell access via a crafted map-nfs command, aka Bug ID CSCup05998.