cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2018-15447,https://securityvulnerability.io/vulnerability/CVE-2018-15447,Cisco Integrated Management Controller Supervisor SQL Injection Vulnerability,"A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application.",Cisco,Cisco Integrated Management Controller (imc) Supervisor,6.5,MEDIUM,0.002360000042244792,false,,false,false,true,2024-08-05T10:17:52.000Z,,false,false,,2018-11-08T19:29:00.000Z,0
CVE-2018-0149,https://securityvulnerability.io/vulnerability/CVE-2018-0149,,"A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or allow the attacker to access sensitive browser-based information on the affected device. Cisco Bug IDs: CSCvh12994.",Cisco,Cisco Integrated Management Controller Supervisor And Cisco Ucs Director Unknown,4.8,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2018-06-07T21:00:00.000Z,0
CVE-2018-0148,https://securityvulnerability.io/vulnerability/CVE-2018-0148,,"A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller (IMC) Supervisor Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protection by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, via the user's web browser and with the user's privileges, on an affected system. Cisco Bug IDs: CSCvf71929.",Cisco,Cisco Ucs Director And Cisco Integrated Management Controller Supervisor,8.8,HIGH,0.0023799999617040157,false,,false,false,false,,,false,false,,2018-02-22T00:00:00.000Z,0
CVE-2015-6399,https://securityvulnerability.io/vulnerability/CVE-2015-6399,,"The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted parameters in an HTTP request, aka Bug ID CSCuv38286.",Cisco,Integrated Management Controller Supervisor,,,0.0027799999807029963,false,,false,false,false,,,false,false,,2015-12-15T02:00:00.000Z,0
CVE-2015-6259,https://securityvulnerability.io/vulnerability/CVE-2015-6259,,"The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625.",Cisco,Integrated Management Controller Supervisor,,,0.0007900000200606883,false,,false,false,false,,,false,false,,2015-09-04T01:00:00.000Z,0