Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
2020-04-15T21:15:35.933
2024-11-21T05:30:39.657
Modified
CVSSv3.1: 6.5 (MEDIUM)
AV:N/AC:L/Au:S/C:P/I:N/A:N
8.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | cisco | ucs_director | 6.0.0.0 | Yes |
| Application | cisco | ucs_director | 6.0.0.1 | Yes |
| Application | cisco | ucs_director | 6.0.1.0 | Yes |
| Application | cisco | ucs_director | 6.0.1.1 | Yes |
| Application | cisco | ucs_director | 6.0.1.2 | Yes |
| Application | cisco | ucs_director | 6.0.1.3 | Yes |
| Application | cisco | ucs_director | 6.5.0.0 | Yes |
| Application | cisco | ucs_director | 6.5.0.1 | Yes |
| Application | cisco | ucs_director | 6.5.0.2 | Yes |
| Application | cisco | ucs_director | 6.5.0.3 | Yes |
| Application | cisco | ucs_director | 6.5.0.4 | Yes |
| Application | cisco | ucs_director | 6.6.0.0 | Yes |
| Application | cisco | ucs_director | 6.6.1.0 | Yes |
| Application | cisco | ucs_director | 6.6.2.0 | Yes |
| Application | cisco | ucs_director | 6.7.0.0 | Yes |
| Application | cisco | ucs_director | 6.7.1.0 | Yes |
| Application | cisco | ucs_director | 6.7.2.0 | Yes |
| Application | cisco | ucs_director | 6.7.3.0 | Yes |
| Application | cisco | ucs_director_express_for_big_data | ≤ 3.7.3.0 | Yes |