Pierre Vivegnis

Researcher fromNATO Cyber Security Centre (NCSC)
#14352of 53,632
18.7Total CVSS
Vulnerabilities · 3
Medium
3
PT-2023-2883
6.4
2023-04-26
Cisco · Cisco Prime Collaboration Deployment · CVE-2023-20060
**Name of the Vulnerable Software and Affected Versions** Cisco Prime Collaboration Deployment (affected versions not specified) **Description** A vulnerability in the web-based management interface of Cisco Prime Collaboration Deployment could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This issue exists because the interface does not properly validate user-supplied input. An attacker could exploit this by persuading a user to click a crafted link, potentially allowing the execution of arbitrary script code in the context of the affected interface or access to sensitive, browser-based information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-6471
5.5
2022-09-01
Netapp · Active Iq Unified Manager · CVE-2022-23239
**Name of the Vulnerable Software and Affected Versions** Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) attack, which can be performed by administrative users. This is due to inadequate protection of the web page structure, allowing a remote attacker to conduct inter-site script attacks. **Recommendations** For versions prior to 9.11P1, update to version 9.11P1 or later to resolve the issue. As a temporary workaround, consider restricting access to administrative functions to minimize the risk of exploitation.
PT-2022-6472
6.8
2022-09-01
Netapp · Active Iq Unified Manager · CVE-2022-23240
**Name of the Vulnerable Software and Affected Versions** Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 **Description** The issue is related to insufficient access control in the Active IQ Unified Manager, which allows unauthorized users to update EMS Subscriptions via unspecified vectors. This could potentially be exploited by a remote attacker. **Recommendations** For versions prior to 9.11P1, update to version 9.11P1 or later to resolve the issue. As a temporary workaround, consider restricting access to the EMS Subscriptions update functionality until a patch is available.