Cisco Ucs Director vulnerabilities

CVE-2022-20765 [MEDIUM] CWE-80 CVE-2022-20765: A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote a A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to conduct a cross-site scripting attack on an affected system. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to affected web applications. A successful exploit

CVE-2020-3464 [MEDIUM] CWE-79 CVE-2020-3464: A vulnerability in the web-based management interface of Cisco UCS Director could allow an authentic A vulnerability in the web-based management interface of Cisco UCS Director could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate input. An attacker could

CVE-2020-3329 [MEDIUM] CWE-284 CVE-2020-3329: A vulnerability in role-based access control of Cisco Integrated Management Controller (IMC) Supervi A vulnerability in role-based access control of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow a read-only authenticated, remote attacker to disable user accounts on an affected system. The vulnerability is due to incorrect allocation of the enable/disable action but

CVE-2020-3250 [CRITICAL] CWE-20 CVE-2020-3250: Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Bi Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2020-3248 [CRITICAL] CWE-20 CVE-2020-3248: Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Bi Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2020-3243 [CRITICAL] CWE-20 CVE-2020-3243: Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Bi Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2020-3247 [CRITICAL] CWE-20 CVE-2020-3247: Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Bi Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2020-3251 [HIGH] CWE-20 CVE-2020-3251: Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Bi Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2020-3240 [HIGH] CWE-20 CVE-2020-3240: Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Bi Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2020-3239 [HIGH] CWE-20 CVE-2020-3239: Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Bi Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2020-3249 [HIGH] CWE-20 CVE-2020-3249: Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Bi Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2020-3252 [MEDIUM] CWE-20 CVE-2020-3252: Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Bi Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2019-16003 [MEDIUM] CWE-306 CVE-2019-16003: A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthent A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to download system log files from an affected device. The vulnerability is due to an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted req