Cisco Prime Collaboration Assurance vulnerabilities

5 known vulnerabilities affecting cisco/cisco_prime_collaboration_assurance.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2019-1856MEDIUMCVSS 6.1v12.12019-05-03
CVE-2019-1856 [MEDIUM] CWE-79 CVE-2019-1856: A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance (PCA) c A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance (PCA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to the insufficient validation of data supplied by external
cvelistv5nvd
CVE-2019-1662CRITICALCVSS 9.1v12.1 SP22019-02-21
CVE-2019-1662 [HIGH] CWE-287 CVE-2019-1662: A vulnerability in the Quality of Voice Reporting (QOVR) service of Cisco Prime Collaboration Assura A vulnerability in the Quality of Voice Reporting (QOVR) service of Cisco Prime Collaboration Assurance (PCA) Software could allow an unauthenticated, remote attacker to access the system as a valid user. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the QOVR service with
cvelistv5nvd
CVE-2018-15450MEDIUMCVSS 6.5vn/a2018-11-08
CVE-2018-15450 [MEDIUM] CWE-20 CVE-2018-15450: A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authentica A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a specific UI input field to provide a custom path location. A successful explo
cvelistv5nvd
CVE-2018-15438MEDIUMCVSS 6.5vn/a2018-10-17
CVE-2018-15438 [MEDIUM] CWE-352 CVE-2018-15438: A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could a A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the
cvelistv5nvd
CVE-2018-0458MEDIUMCVSS 6.1vn/a2018-10-05
CVE-2018-0458 [MEDIUM] CWE-79 CVE-2018-0458: A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could a A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-base
cvelistv5nvd