Cisco Security Monitoring Analysis And Response System vulnerabilities

CVE-2007-0397 [MEDIUM] CVE-2007-0397: The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Secu The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.

CVE-2006-3733 [HIGH] CWE-264 CVE-2006-3733: jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisc jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name.