cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-20765,https://securityvulnerability.io/vulnerability/CVE-2022-20765,Cisco UCS Director JavaScript Cross-Site Scripting Vulnerability,"A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to conduct a cross-site scripting attack on an affected system. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to affected web applications. A successful exploit could allow the attacker to rewrite web page content, access sensitive information stored in the applications, and alter data by submitting forms.",Cisco,Cisco Ucs Director,4.8,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-08-03T03:15:40.000Z,,false,false,,2022-05-27T14:15:00.000Z,0
CVE-2020-3464,https://securityvulnerability.io/vulnerability/CVE-2020-3464,Cisco UCS Director Stored Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco UCS Director could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need administrative credentials on the affected device.",Cisco,Cisco Ucs Director,4.8,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-08-04T08:16:41.000Z,,false,false,,2020-08-17T18:15:00.000Z,0
CVE-2020-3329,https://securityvulnerability.io/vulnerability/CVE-2020-3329,"Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Role-Based Access Control Vulnerability","A vulnerability in role-based access control of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow a read-only authenticated, remote attacker to disable user accounts on an affected system. The vulnerability is due to incorrect allocation of the enable/disable action button under the role-based access control code on an affected system. An attacker could exploit this vulnerability by authenticating as a read-only user and then updating the roles of other users to disable them. A successful exploit could allow the attacker to disable users, including administrative users.",Cisco,Cisco Ucs Director,4.3,MEDIUM,0.0007300000288523734,false,,false,false,true,2024-08-04T08:16:35.000Z,,false,false,,2020-05-06T00:00:00.000Z,0
CVE-2020-3248,https://securityvulnerability.io/vulnerability/CVE-2020-3248,Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data,"Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Ucs Director,9.8,CRITICAL,0.28238001465797424,false,,false,false,true,2024-08-04T08:16:31.000Z,,false,false,,2020-04-15T00:00:00.000Z,0
CVE-2020-3240,https://securityvulnerability.io/vulnerability/CVE-2020-3240,Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data,"Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Ucs Director,9.8,CRITICAL,0.07745999842882156,false,,false,false,true,2024-08-04T08:16:31.000Z,,false,false,,2020-04-15T00:00:00.000Z,0
CVE-2020-3243,https://securityvulnerability.io/vulnerability/CVE-2020-3243,Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data,"Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Ucs Director,9.8,CRITICAL,0.9560199975967407,false,,false,false,true,2024-08-04T08:16:31.000Z,,false,false,,2020-04-15T00:00:00.000Z,0
CVE-2020-3247,https://securityvulnerability.io/vulnerability/CVE-2020-3247,Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data,"Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Ucs Director,9.8,CRITICAL,0.28238001465797424,false,,false,false,true,2024-08-04T08:16:31.000Z,,false,false,,2020-04-15T00:00:00.000Z,0
CVE-2020-3249,https://securityvulnerability.io/vulnerability/CVE-2020-3249,Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data,"Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Ucs Director,9.8,CRITICAL,0.28200000524520874,false,,false,false,true,2024-08-04T08:16:31.000Z,,false,false,,2020-04-15T00:00:00.000Z,0
CVE-2020-3251,https://securityvulnerability.io/vulnerability/CVE-2020-3251,Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data,"Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Ucs Director,9.8,CRITICAL,0.04058999940752983,false,,false,false,true,2024-08-04T08:16:31.000Z,,false,false,,2020-04-15T00:00:00.000Z,0
CVE-2020-3252,https://securityvulnerability.io/vulnerability/CVE-2020-3252,Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data,"Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Ucs Director,9.8,CRITICAL,0.002199999988079071,false,,false,false,true,2024-08-04T08:16:32.000Z,,false,false,,2020-04-15T00:00:00.000Z,0
CVE-2020-3239,https://securityvulnerability.io/vulnerability/CVE-2020-3239,Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data,"Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Ucs Director,9.8,CRITICAL,0.7870699763298035,false,,false,false,true,2024-08-04T08:16:31.000Z,,false,false,,2020-04-15T00:00:00.000Z,0
CVE-2020-3250,https://securityvulnerability.io/vulnerability/CVE-2020-3250,Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data,"Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Ucs Director,9.8,CRITICAL,0.9560199975967407,false,,false,false,true,2024-08-04T08:16:31.000Z,,false,false,,2020-04-15T00:00:00.000Z,0
CVE-2019-16003,https://securityvulnerability.io/vulnerability/CVE-2019-16003,Cisco UCS Director Information Disclosure Vulnerability,"A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to download system log files from an affected device. The vulnerability is due to an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to download log files if they were previously generated by an administrator.",Cisco,Cisco Ucs Director,4.3,MEDIUM,0.0012799999676644802,false,,false,false,true,2024-08-05T02:15:47.000Z,,false,false,,2020-01-26T05:15:00.000Z,0
CVE-2018-0149,https://securityvulnerability.io/vulnerability/CVE-2018-0149,,"A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or allow the attacker to access sensitive browser-based information on the affected device. Cisco Bug IDs: CSCvh12994.",Cisco,Cisco Integrated Management Controller Supervisor And Cisco Ucs Director Unknown,4.8,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2018-06-07T21:00:00.000Z,0
CVE-2018-0238,https://securityvulnerability.io/vulnerability/CVE-2018-0238,,"A vulnerability in the role-based resource checking functionality of the Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in the UCS Director end-user portal and perform any permitted operations on any virtual machine. The permitted operations can be configured for the end user on the virtual machines with either of the following settings: The virtual machine is associated to a Virtual Data Center (VDC) that has an end user self-service policy attached to the VDC. The end user role has VM Management Actions settings configured under User Permissions. This is a global configuration, so all the virtual machines visible in the end-user portal will have the VM management actions available. The vulnerability is due to improper user authentication checks. An attacker could exploit this vulnerability by logging in to the UCS Director with a modified username and valid password. A successful exploit could allow the attacker to gain visibility into and perform actions against all virtual machines in the UCS Director end-user portal of the affected system. This vulnerability affects Cisco Unified Computing System (UCS) Director releases 6.0 and 6.5 prior to patch 3 that are in a default configuration. Cisco Bug IDs: CSCvh53501.",Cisco,Cisco Ucs Director,9.9,CRITICAL,0.002300000051036477,false,,false,false,false,,,false,false,,2018-04-19T20:00:00.000Z,0
CVE-2018-0219,https://securityvulnerability.io/vulnerability/CVE-2018-0219,,"A vulnerability in the web-based management interface of Cisco Unified Computing System (UCS) Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg86518.",Cisco,Cisco Ucs Director,6.1,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2018-03-08T07:00:00.000Z,0
CVE-2018-0148,https://securityvulnerability.io/vulnerability/CVE-2018-0148,,"A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller (IMC) Supervisor Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protection by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, via the user's web browser and with the user's privileges, on an affected system. Cisco Bug IDs: CSCvf71929.",Cisco,Cisco Ucs Director And Cisco Integrated Management Controller Supervisor,8.8,HIGH,0.0023799999617040157,false,,false,false,false,,,false,false,,2018-02-22T00:00:00.000Z,0
CVE-2017-3817,https://securityvulnerability.io/vulnerability/CVE-2017-3817,,"A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in a UCS domain. More Information: CSCvc32434. Known Affected Releases: 5.5(0.1) 6.0(0.0).",Cisco,Cisco Ucs Director,4.3,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2017-04-07T17:00:00.000Z,0
CVE-2017-3868,https://securityvulnerability.io/vulnerability/CVE-2017-3868,,"A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc44344. Known Affected Releases: 6.0(0.0).",Cisco,Cisco Ucs Director,6.1,MEDIUM,0.0010600000387057662,false,,false,false,false,,,false,false,,2017-03-17T22:00:00.000Z,0
CVE-2017-3801,https://securityvulnerability.io/vulnerability/CVE-2017-3801,,"A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. The vulnerability is due to improper role-based access control (RBAC) after the Developer Menu is enabled in Cisco UCS Director. An attacker could exploit this vulnerability by enabling Developer Mode for his/her user profile with an end-user profile and then adding new catalogs with arbitrary workflow items to his/her profile. An exploit could allow an attacker to perform any actions defined by these workflow items, including actions affecting other tenants. Cisco Bug IDs: CSCvb64765.",Cisco,Cisco Ucs Director Versions 6.0.0.0 And 6.0.0.1,8.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2017-02-15T20:00:00.000Z,0