Cisco Prime Collaboration Provisioning vulnerabilities

32 known vulnerabilities affecting cisco/prime_collaboration_provisioning.

Total CVEs: 32
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 9, MEDIUM 16

Vulnerabilities

Page 2 of 2
CVE-2017-6703 | MEDIUM | CVSS 5.9 | v11.2_base, v11.5.0, +2 more | 2017-07-04
CWE-287: A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, remote attacker to hijack another user's session. More Information: CSCvc90346. Known Affected Releases: 12.1.
Source: nvd
CVE-2017-6706 | MEDIUM | CVSS 5.1 | v11.2_base, v11.5.0, +2 more | 2017-07-04
CWE-200: A vulnerability in the logging subsystem of the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, local attacker to acquire sensitive information. More Information: CSCvd07260. Known Affected Releases: 12.1.
Source: nvd
CVE-2017-6705 | MEDIUM | CVSS 5.5 | v12.1 | 2017-07-04
CWE-200: A vulnerability in the filesystem of the Cisco Prime Collaboration Provisioning tool could allow an authenticated, local attacker to acquire sensitive information. More Information: CSCvc82973. Known Affected Releases: 12.1.
Source: nvd
CVE-2017-6636 | MEDIUM | CVSS 6.5 | v9.0.0, v9.5.0, +6 more | 2017-05-22
CWE-22: A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access contro
Source: nvd
CVE-2017-6637 | MEDIUM | CVSS 6.5 | v9.0.0, v9.5.0, +6 more | 2017-05-22
CWE-264: A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access c
Source: nvd
CVE-2017-6635 | MEDIUM | CVSS 6.5 | v9.0.0, v9.5.0, +8 more | 2017-05-22
CWE-264: A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 12.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access c
Source: nvd
CVE-2017-6622 | CRITICAL | CVSS 9.8 | PoC | v9.0.0, v9.5.0, +8 more | 2017-05-18
CWE-264: A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface.
Source: nvd
CVE-2017-6621 | HIGH | CVSS 7.5 | v9.0.0, v9.5.0, +8 more | 2017-05-18
CWE-200: A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to insufficient protection of sensitive data when responding to an HTTP request on the web
Source: nvd
CVE-2016-6451 | MEDIUM | CVSS 6.1 | v10.6.0 | 2016-11-03
CWE-79: Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCut43061 CSCut43066 CSCut43736 CSCut43738 CSCut43741 CSCut43745 CSCut43748 CSCut
Source: nvd
CVE-2016-1416 | CRITICAL | CVSS 9.8 | v10.6.2 | 2016-07-02
CWE-264: Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID CSCuv37513.
Source: nvd
CVE-2015-6329 | MEDIUM | CVSS 6.5 | v10.6.0, v11.0.0 | 2015-10-12
CWE-89: SQL injection vulnerability in Cisco Prime Collaboration Provisioning 10.6 and 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut64074.
Source: nvd
CVE-2015-4307 | CRITICAL | CVSS 9.0 | v9.0.0, v9.5.0, +4 more | 2015-09-20
CWE-264: The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, aka Bug ID CSCut64111.
Source: nvd