CVE-2024-20504 Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Stored Cross-Site Scripting Vulnerabilities

🗓️ 06 Nov 2024 16:29:37Reported by ciscoType

Cisco Secure Email and Web Manager GUI XSS Vulnerability CVE-2024-2050

Reporter	Title	Published	Views	Family All 14
BDU FSTEC	The vulnerability in the web interface for controlling Cisco AsyncOS devices, including Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance, allows attackers to execute XSS attacks.	18 Nov 202400:00	–	bdu_fstec
Circl	CVE-2024-20504	6 Nov 202416:45	–	circl
Cisco	Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Stored Cross-Site Scripting Vulnerability	6 Nov 202416:00	–	cisco
Tenable Nessus	Secure Email Gateway XSS (cisco-sa-esa-wsa-sma-xss-zYm3f49n)	8 Nov 202400:00	–	nessus
Tenable Nessus	Cisco Secure Email and Web Manager XSS (cisco-sa-esa-wsa-sma-xss-zYm3f49n)	8 Nov 202400:00	–	nessus
Tenable Nessus	Secure Web Appliance XSS (cisco-sa-esa-wsa-sma-xss-zYm3f49n)	8 Nov 202400:00	–	nessus
CNNVD	Cisco AsyncOS 安全漏洞	6 Nov 202400:00	–	cnnvd
CNVD	Cisco AsyncOS Cross-Site Scripting Vulnerability	13 Nov 202400:00	–	cnvd
CVE	CVE-2024-20504	6 Nov 202416:29	–	cve
EUVD	EUVD-2024-18219	3 Oct 202520:07	–	euvd

[
  {
    "vendor": "Cisco",
    "product": "Cisco Secure Email",
    "versions": [
      {
        "version": "14.0.0-698",
        "status": "affected"
      },
      {
        "version": "14.2.0-620",
        "status": "affected"
      },
      {
        "version": "14.2.1-020",
        "status": "affected"
      },
      {
        "version": "14.3.0-032",
        "status": "affected"
      },
      {
        "version": "15.0.0-104",
        "status": "affected"
      },
      {
        "version": "15.0.1-030",
        "status": "affected"
      },
      {
        "version": "15.5.0-048",
        "status": "affected"
      },
      {
        "version": "15.5.1-055",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Cisco",
    "product": "Cisco Secure Email and Web Manager",
    "versions": [
      {
        "version": "14.0.0-404",
        "status": "affected"
      },
      {
        "version": "14.1.0-223",
        "status": "affected"
      },
      {
        "version": "14.1.0-227",
        "status": "affected"
      },
      {
        "version": "14.2.0-212",
        "status": "affected"
      },
      {
        "version": "14.2.0-224",
        "status": "affected"
      },
      {
        "version": "14.2.1-020",
        "status": "affected"
      },
      {
        "version": "14.3.0-120",
        "status": "affected"
      },
      {
        "version": "15.0.0-334",
        "status": "affected"
      },
      {
        "version": "15.5.1-024",
        "status": "affected"
      },
      {
        "version": "15.5.1-029",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Cisco",
    "product": "Cisco Secure Web Appliance",
    "versions": [
      {
        "version": "14.1.0-032",
        "status": "affected"
      },
      {
        "version": "14.1.0-047",
        "status": "affected"
      },
      {
        "version": "14.1.0-041",
        "status": "affected"
      },
      {
        "version": "14.0.2-012",
        "status": "affected"
      },
      {
        "version": "14.5.0-498",
        "status": "affected"
      },
      {
        "version": "14.0.3-014",
        "status": "affected"
      },
      {
        "version": "14.0.4-005",
        "status": "affected"
      },
      {
        "version": "14.5.1-008",
        "status": "affected"
      },
      {
        "version": "14.5.1-016",
        "status": "affected"
      },
      {
        "version": "15.0.0-355",
        "status": "affected"
      },
      {
        "version": "15.0.0-322",
        "status": "affected"
      },
      {
        "version": "15.1.0-287",
        "status": "affected"
      },
      {
        "version": "14.5.2-011",
        "status": "affected"
      },
      {
        "version": "15.2.0-116",
        "status": "affected"
      },
      {
        "version": "14.0.5-007",
        "status": "affected"
      },
      {
        "version": "15.2.0-164",
        "status": "affected"
      },
      {
        "version": "14.5.1-510",
        "status": "affected"
      },
      {
        "version": "14.5.1-607",
        "status": "affected"
      },
      {
        "version": "14.5.3-033",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
sec	www.sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-sma-xss-zYm3f49n

06 Nov 2024 16:29Current

CVSS 3.15.4

EPSS0.00192