cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2018-0414,https://securityvulnerability.io/vulnerability/CVE-2018-0414,Cisco Secure Access Control Server XML External Entity Injection Vulnerability,"A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file.",Cisco,Cisco Secure Access Control Server Solution Engine (acse),5.7,MEDIUM,0.0008699999889358878,false,,false,false,false,,,false,false,,2018-10-05T14:29:00.000Z,0
CVE-2015-0700,https://securityvulnerability.io/vulnerability/CVE-2015-0700,,"Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924.",Cisco,Secure Access Control Server Solution Engine,,,0.001120000029914081,false,,false,false,false,,,false,false,,2015-04-17T01:00:00.000Z,0
CVE-2013-3380,https://securityvulnerability.io/vulnerability/CVE-2013-3380,,"The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279.",Cisco,Secure Access Control Server Solution Engine,,,0.0010400000028312206,false,,false,false,false,,,false,false,,2013-06-12T03:30:00.000Z,0
CVE-2004-1099,https://securityvulnerability.io/vulnerability/CVE-2004-1099,,"Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a ""cryptographically correct"" certificate with valid fields such as the username.",Cisco,"Secure Acs Solution Engine,Secure Access Control Server",,,0.015080000273883343,false,,false,false,false,,,false,false,,2005-01-10T05:00:00.000Z,0
CVE-2004-1461,https://securityvulnerability.io/vulnerability/CVE-2004-1461,,"Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address.",Cisco,"Secure Access Control Server,Secure Acs Solution Engine",,,0.0035600000992417336,false,,false,false,false,,,false,false,,2004-12-31T05:00:00.000Z,0
CVE-2004-1460,https://securityvulnerability.io/vulnerability/CVE-2004-1460,,"Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers to gain unauthorized access to AAA clients via a blank password.",Cisco,"Secure Access Control Server,Secure Acs Solution Engine",,,0.005270000081509352,false,,false,false,false,,,false,false,,2004-12-31T05:00:00.000Z,0
CVE-2004-1458,https://securityvulnerability.io/vulnerability/CVE-2004-1458,,The CSAdmin web administration interface for Cisco Secure Access Control Server (ACS) 3.2(2) build 15 allows remote attackers to cause a denial of service (hang) via a flood of TCP connections to port 2002.,Cisco,"Secure Access Control Server,Secure Acs Solution Engine",,,0.009990000165998936,false,,false,false,false,,,false,false,,2004-12-31T05:00:00.000Z,0