The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.
154 vulnerabilities with CWE-35
CVE-2021-1282
MEDIUM
Cisco Unified Communications Manager < 11.5(1)su9 - SQL Injection
CVSS 6.5
CVE-2020-26073
HIGH
Cisco Catalyst SD-WAN Manager - Path Traversal
CVSS 7.5
CVE-2020-27130
CRITICAL
Cisco Security Manager - Info Disclosure
CVSS 9.1
CVE-2018-3744
CRITICAL
Html-pages - Path Traversal
CVSS 9.8