Cisco Secure Access Control System
35 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2018-0253
< 5.8
A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote att
9.8
CRITICAL
CVE-2018-0147
all versions
A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow
9.8
CRITICAL
CVE-2017-12354
all versions
A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote atta
5.3
MEDIUM
CVE-2017-6769
all versions
A vulnerability in the web-based management interface of the Cisco Secure Access Control System (ACS) could allow an authenticated
5.4
MEDIUM
CVE-2017-3841
all versions
A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attack
7.5
HIGH
CVE-2017-3840
all versions
A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attack
6.1
MEDIUM
CVE-2017-3839
all versions
An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow a
4.3
MEDIUM
CVE-2017-3838
all versions
A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based
6.1
MEDIUM
CVE-2015-4219
<= 5.4.0.46.1
Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do no
CVE-2015-0728
all versions
Cross-site scripting (XSS) vulnerability in Cisco Access Control Server (ACS) 5.5(0.1) allows remote attackers to inject arbitrary
CVE-2014-2130
all versions
Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allo
CVE-2015-0580
<= 5.5.0.46
Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) befor
CVE-2014-8029
all versions
Open redirect vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to redirect u
CVE-2014-8028
all versions
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Secure Access Control System (ACS) allow remote
CVE-2014-8027
all versions
The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administ
CVE-2014-0678
all versions
The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, which allows remote authentica
CVE-2014-0668
all versions
Cross-site scripting (XSS) vulnerability in the portal in Cisco Secure Access Control System (ACS) allows remote attackers to inje
CVE-2014-0667
all versions
The RMI interface in Cisco Secure Access Control System (ACS) does not properly enforce authorization requirements, which allows r
CVE-2014-0650
<= 5.4.0.46.2
The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary
CVE-2014-0649
<= 5.4.0.46.6
The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements,
CVE-2014-0648
<= 5.4.0.46.6
The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authoriz
CVE-2014-0663
all versions
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System (ACS) allows remote attackers
CVE-2013-6974
all versions
Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers
CVE-2013-6695
all versions
The RBAC implementation in Cisco Secure Access Control System (ACS) does not properly verify privileges for support-bundle downloa
CVE-2013-5536
all versions
Cisco Secure Access Control System (ACS) does not properly implement an incoming-packet firewall rule, which allows remote attacke
CVE-2013-5470
all versions
Cisco Secure Access Control System (ACS) does not properly handle requests to read from the TACACS+ socket, which allows remote at
CVE-2013-3428
all versions
The web interface in Cisco Secure Access Control System (ACS) does not properly suppress error-condition details, which allows rem
CVE-2013-3424
all versions
Cross-site request forgery (CSRF) vulnerability in Administration and View pages in Cisco Secure Access Control System (ACS) allow
CVE-2013-3423
all versions
Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers
CVE-2013-3422
all versions
Cross-site scripting (XSS) vulnerability in Administration pages in Cisco Secure Access Control System (ACS) allows remote attacke
CVE-2013-3421
all versions
Cross-site scripting (XSS) vulnerability in the Help index page in Cisco Secure Access Control System (ACS) allows remote attacker
CVE-2013-1200
all versions
Session fixation vulnerability in Cisco Secure Access Control System (ACS) allows remote attackers to hijack web sessions via unsp
CVE-2013-1196
all versions
The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent
CVE-2013-1125
all versions
The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking
CVE-2011-0951
all versions
The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 all
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin