cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2018-15447,https://securityvulnerability.io/vulnerability/CVE-2018-15447,Cisco Integrated Management Controller Supervisor SQL Injection Vulnerability,"A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application.",Cisco,Cisco Integrated Management Controller (imc) Supervisor,6.5,MEDIUM,0.002360000042244792,false,,false,false,true,2024-08-05T10:17:52.000Z,,false,false,,2018-11-08T19:29:00.000Z,0
CVE-2018-0149,https://securityvulnerability.io/vulnerability/CVE-2018-0149,,"A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or allow the attacker to access sensitive browser-based information on the affected device. Cisco Bug IDs: CSCvh12994.",Cisco,Cisco Integrated Management Controller Supervisor And Cisco Ucs Director Unknown,4.8,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2018-06-07T21:00:00.000Z,0
CVE-2018-0148,https://securityvulnerability.io/vulnerability/CVE-2018-0148,,"A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller (IMC) Supervisor Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protection by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, via the user's web browser and with the user's privileges, on an affected system. Cisco Bug IDs: CSCvf71929.",Cisco,Cisco Ucs Director And Cisco Integrated Management Controller Supervisor,8.8,HIGH,0.0023799999617040157,false,,false,false,false,,,false,false,,2018-02-22T00:00:00.000Z,0
CVE-2017-6619,https://securityvulnerability.io/vulnerability/CVE-2017-6619,,"A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize user-supplied HTTP input. An attacker could exploit this vulnerability by sending an HTTP POST request that contains crafted, deserialized user data to the affected software. A successful exploit could allow the attacker to execute arbitrary commands with root-level privileges on the affected system, which the attacker could use to conduct further attacks. Cisco Bug IDs: CSCvd14591.",Cisco,Cisco Integrated Management Controller,8.8,HIGH,0.001560000004246831,false,,false,false,false,,,false,false,,2017-04-20T22:00:00.000Z,0
CVE-2017-6618,https://securityvulnerability.io/vulnerability/CVE-2017-6618,,"A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading an authenticated user of the web-based GUI on an affected system to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary code in the context of the web-based GUI on the affected system. Cisco Bug IDs: CSCvd14587.",Cisco,Cisco Integrated Management Controller,5.4,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2017-04-20T22:00:00.000Z,0
CVE-2017-6616,https://securityvulnerability.io/vulnerability/CVE-2017-6616,,"A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize specific values that are received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user on the affected system. Cisco Bug IDs: CSCvd14578.",Cisco,Cisco Integrated Management Controller,8.8,HIGH,0.0013699999544769526,false,,false,false,false,,,false,false,,2017-04-20T22:00:00.000Z,0
CVE-2017-6617,https://securityvulnerability.io/vulnerability/CVE-2017-6617,,"A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI. A successful exploit could allow the attacker to hijack an authenticated user's browser session on the affected system. Cisco Bug IDs: CSCvd14583.",Cisco,Cisco Integrated Management Controller,5.4,MEDIUM,0.0009399999980814755,false,,false,false,false,,,false,false,,2017-04-20T22:00:00.000Z,0
CVE-2017-6604,https://securityvulnerability.io/vulnerability/CVE-2017-6604,,"A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability affects the following Cisco products running Cisco IMC Software: Unified Computing System (UCS) B-Series M3 and M4 Blade Servers, Unified Computing System (UCS) C-Series M3 and M4 Rack Servers. More Information: CSCvc37931. Known Affected Releases: 3.1(2c)B.",Cisco,Cisco Integrated Management Controller,6.1,MEDIUM,0.001339999958872795,false,,false,false,false,,,false,false,,2017-04-07T17:00:00.000Z,0
CVE-2015-6399,https://securityvulnerability.io/vulnerability/CVE-2015-6399,,"The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted parameters in an HTTP request, aka Bug ID CSCuv38286.",Cisco,Integrated Management Controller Supervisor,,,0.0027799999807029963,false,,false,false,false,,,false,false,,2015-12-15T02:00:00.000Z,0
CVE-2015-6259,https://securityvulnerability.io/vulnerability/CVE-2015-6259,,"The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625.",Cisco,Integrated Management Controller Supervisor,,,0.0007900000200606883,false,,false,false,false,,,false,false,,2015-09-04T01:00:00.000Z,0
CVE-2014-3348,https://securityvulnerability.io/vulnerability/CVE-2014-3348,,"The SSH module in the Integrated Management Controller (IMC) before 2.3.1 in Cisco Unified Computing System on E-Series blade servers allows remote attackers to cause a denial of service (IMC hang) via a crafted SSH packet, aka Bug ID CSCuo69206.",Cisco,"Integrated Management Controller,Unified Computing System E140d,Unified Computing System E140dp,Unified Computing System E140s M1,Unified Computing System E140s M2,Unified Computing System E160d,Unified Computing System E160dp,Unified Computing System En120s M2",,,0.026319999247789383,false,,false,false,false,,,false,false,,2014-09-10T10:00:00.000Z,0
CVE-2013-1186,https://securityvulnerability.io/vulnerability/CVE-2013-1186,,"Cisco Unified Computing System (UCS) 1.x before 1.4(4) and 2.x before 2.0(2m) allows remote attackers to bypass KVM authentication via a crafted authentication request to a Cisco Integrated Management Controller (IMC), aka Bug ID CSCts53746.",Cisco,"Unified Computing System Infrastructure And Unified Computing System Software,Unified Computing System 6120xp Fabric Interconnect,Unified Computing System 6140xp Fabric Interconnect,Unified Computing System 6248up Fabric Interconnect,Unified Computing System 6296up Fabric Interconnect,Unified Computing System Integrated Management Controller",,,0.005239999853074551,false,,false,false,false,,,false,false,,2013-04-25T10:55:00.000Z,0
CVE-2013-1184,https://securityvulnerability.io/vulnerability/CVE-2013-1184,,"The management API in the XML API management service in the Manager component in Cisco Unified Computing System (UCS) 1.x before 1.2(1b) allows remote attackers to cause a denial of service (service outage) via a malformed request, aka Bug ID CSCtg48206.",Cisco,"Unified Computing System Infrastructure And Unified Computing System Software,Unified Computing System 6120xp Fabric Interconnect,Unified Computing System 6140xp Fabric Interconnect,Unified Computing System 6248up Fabric Interconnect,Unified Computing System 6296up Fabric Interconnect,Unified Computing System Integrated Management Controller",,,0.001610000035725534,false,,false,false,false,,,false,false,,2013-04-25T10:55:00.000Z,0
CVE-2013-1185,https://securityvulnerability.io/vulnerability/CVE-2013-1185,,"The web interface in the Manager component in Cisco Unified Computing System (UCS) 1.x and 2.x before 2.0(2m) allows remote attackers to obtain sensitive information by reading a (1) technical-support bundle file or (2) on-device configuration backup, aka Bug ID CSCtq86543.",Cisco,"Unified Computing System Infrastructure And Unified Computing System Software,Unified Computing System 6120xp Fabric Interconnect,Unified Computing System 6140xp Fabric Interconnect,Unified Computing System 6248up Fabric Interconnect,Unified Computing System 6296up Fabric Interconnect,Unified Computing System Integrated Management Controller",,,0.0036899999249726534,false,,false,false,false,,,false,false,,2013-04-25T10:55:00.000Z,0
CVE-2013-1182,https://securityvulnerability.io/vulnerability/CVE-2013-1182,,"The login page in the Web Console in the Manager component in Cisco Unified Computing System (UCS) before 1.0(2h), 1.1 before 1.1(1j), and 1.3(x) allows remote attackers to bypass LDAP authentication via a malformed request, aka Bug ID CSCtc91207.",Cisco,"Unified Computing System Infrastructure And Unified Computing System Software,Unified Computing System 6120xp Fabric Interconnect,Unified Computing System 6140xp Fabric Interconnect,Unified Computing System 6248up Fabric Interconnect,Unified Computing System 6296up Fabric Interconnect,Unified Computing System Integrated Management Controller",,,0.00343999988399446,false,,false,false,false,,,false,false,,2013-04-25T10:55:00.000Z,0