Cisco Crosswork Network Automation vulnerabilities
2 known vulnerabilities affecting cisco/crosswork_network_automation.
Total CVEs
2
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2021-44228CRITICALCVSS 10.0KEVPoCv2.0.0v3.0.0+2 more2021-12-10
CVE-2021-44228 [CRITICAL] CWE-20 CVE-2021-44228: Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LD
nvd
CVE-2019-16024MEDIUMCVSS 6.1v3.0v3.12020-01-26
CVE-2019-16024 [MEDIUM] CWE-79 CVE-2019-16024: A vulnerability in the web-based management interface of Cisco Crosswork Change Automation could all
A vulnerability in the web-based management interface of Cisco Crosswork Change Automation could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-base
nvd