Cisco Nexus Dashboard vulnerabilities

24 known vulnerabilities affecting cisco/nexus_dashboard.

Total CVEs: 24
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 3, HIGH 6, MEDIUM 15

Vulnerabilities

Page 2 of 2
CVE-2022-20857 | CRITICAL | CVSS 9.8 | ≥ 1.0, < 2.2(1e) | 2022-07-21
CVE-2022-20857 [CRITICAL] CWE-306: Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. For more information about these vulnerabilities, see the Details section of this advisory.
Source: NVD
CVE-2022-20860 | HIGH | CVSS 7.4 | ≥ 1.1, < 2.2(1h) | 2022-07-21
CVE-2022-20860 [HIGH] CWE-295: A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information. This vulnerability exists because SSL server certificates are not validated when Cisco Nexus Dashboard is establishing a connection to Cisco Applicatio
Source: NVD
CVE-2022-20861 | HIGH | CVSS 8.8 | ≥ 1.1, < 2.2(1e) | 2022-07-21
CVE-2022-20861 [HIGH] CWE-306: Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. For more information about these vulnerabilities, see the Details section of this advisory.
Source: NVD
CVE-2021-44228 | CRITICAL | CVSS 10.0 | KEV | PoC | fixed in 2.1.2 | 2021-12-10
CVE-2021-44228 [CRITICAL] CWE-20: Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LD
Source: NVD