Application Services Engine

application_services_engine

Vendor: Cisco • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-1396 1Cisco 2Application Policy Infrastructure Controller Application Services Engine Nov 21, 2024 Feb 24, 2021 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic...Show more Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about these vulnerabilities, see the Details section of this advisory.Show less
CVE-2021-1393 1Cisco 2Application Policy Infrastructure Controller Application Services Engine Nov 21, 2024 Feb 24, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic...Show more Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about these vulnerabilities, see the Details section of this advisory.Show less
CVE-2020-3335 1Cisco 2Application Policy Infrastructure Controller Application Services Engine Nov 21, 2024 Jun 3, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to...Show more A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to insufficient authorization limitations. An attacker could exploit this vulnerability by logging in to an affected device locally with valid credentials. A successful exploit could allow the attacker to read the sensitive information of other users on the affected device.Show less
CVE-2020-3333 1Cisco 2Application Policy Infrastructure Controller Application Services Engine Nov 21, 2024 Jun 3, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. The vulnerability is due to insufficient authentica...Show more A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. The vulnerability is due to insufficient authentication of users who modify policies on an affected device. An attacker could exploit this vulnerability by crafting a malicious HTTP request to contact an affected device. A successful exploit could allow the attacker to update event policies on the affected device.Show less