Lucene search
+L

325 matches found

Tenable Nessus
Tenable Nessus
added 2022/07/27 12:0 a.m.80 views

Cisco Secure Email and Web Manager External Authentication Bypass (cisco-sa-sma-esa-auth-bypass-66kEcxQD)

A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device. This vulnerability is due to improper authentication checks...

9.8CVSS8.7AI score0.01427EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/07/12 12:0 a.m.9 views

PT-2022-6309 · Ibm · Ibm Sterling Secure Proxy +1

Name of the Vulnerable Software and Affected Versions: IBM Sterling External Authentication Server version 6.1.0 IBM Sterling Secure Proxy version 6.0.3 Description: The issue is related to the use of weaker than expected cryptographic algorithms during installation, which could allow a local...

5.5CVSS5.2AI score0.00119EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2022/07/04 12:0 a.m.8 views

The vulnerability of the implementation of the Lightweight Directory Access Protocol (LDAP) in the Cisco Secure Email and Web Manager content protection device, as well as the Cisco Email Security Appliance (ESA) email security system, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Lightweight Directory Access Protocol LDAP implementation of the Cisco Secure Email and Web Manager security device, as well as the Cisco Email Security Appliance ESA email security system, is related to the lack of proper input sanitization during requests to the externa...

7.7CVSS7.2AI score0.00959EPSS
Exploits0References4Affected Software2
Tenable Nessus
Tenable Nessus
added 2022/06/17 12:0 a.m.54 views

Cisco Secure Email and Web Manager (SMA) Information Disclosure (cisco-sa-esasma-info-dsc-Q9tLuOvM)

According to its self-reported version, Cisco Secure Email and Web Manager SMA is affected by an information disclosure vulnerability in the web management interface. This could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access Protocol...

7.7CVSS7.4AI score0.00959EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/06/17 12:0 a.m.10 views

The vulnerability of the external authentication function of the Cisco Secure Email and Web Manager (formerly known as Cisco Security Management Appliance and Cisco Email Security Appliance) relates to access control errors, allowing attackers to gain full access to the device’s web interface.

The vulnerability of the external authentication function of Cisco Secure Email and Web Manager formerly known as Cisco Security Management Appliance and Cisco Email Security Appliance is related to access control errors. Exploiting this vulnerability can allow an attacker, operating remotely, to...

10CVSS8AI score0.01427EPSS
Exploits0References3Affected Software2
NCSC
NCSC
added 2022/06/16 12:0 a.m.5 views

Vulnerabilities fixed in Cisco Email Security Appliance, Secure Email and Web Manager

Vulnerabilities have been fixed in Cisco Email Security Appliance and Cisco Secure Email and Web Manager. The vulnerability with reference CVE-2022-20798 allows an unauthenticated remote malicious person able to bypass authentication bypass authentication and thereby log into the Web management...

9.8CVSS6.9AI score0.01427EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/06/15 11:0 p.m.8 views

CVE-2022-20798

A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance SMA, and Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass authentication and log in to the web...

9.8CVSS7.5AI score0.01427EPSS
Exploits0References2
OSV
OSV
added 2022/06/15 6:15 p.m.4 views

CVE-2022-20664

A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance SMA, and Cisco Email Security Appliance ESA could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access...

7.7CVSS7.1AI score0.00959EPSS
Exploits0References1
OSV
OSV
added 2022/06/15 6:15 p.m.4 views

CVE-2022-20798

A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance SMA, and Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass authentication and log in to the web...

9.8CVSS5.8AI score0.01427EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/06/15 5:55 p.m.16 views

CVE-2022-20798 Cisco Email Security Appliance and Cisco Secure Email and Web Manager External Authentication Bypass Vulnerability

A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance SMA, and Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass authentication and log in to the web...

9.8CVSS7.5AI score0.01427EPSS
Exploits0References1
Cisco
Cisco
added 2022/06/15 4:0 p.m.40 views

Cisco Email Security Appliance and Cisco Secure Email and Web Manager External Authentication Bypass Vulnerability

A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance SMA, and Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass authentication and log in to the web...

9.8CVSS9.8AI score0.01427EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/06/15 12:0 a.m.4 views

Cisco多款产品 信息泄露漏洞

Cisco Email Security Appliance ESA and Cisco Secure Email are both products of Cisco USA. cisco Email Security Appliance is an email security appliance. cisco Secure Email is a Cisco Secure Email formerly Email Security provides the best protection for your email from cyber threats.Cisco Email...

7.7CVSS5.7AI score0.00959EPSS
Exploits0References5
OSV
OSV
added 2022/05/17 5:15 p.m.3 views

CVE-2021-29726

IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104...

5.3CVSS5.8AI score0.00825EPSS
Exploits0References3
Prion
Prion
added 2022/05/17 5:15 p.m.14 views

Input validation

IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104...

5CVSS5.1AI score0.00825EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2022/05/17 4:25 p.m.80 views

CVE-2021-29726

CVE-2021-29726 affects IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3. The issue is improper validation leading to a certificate not being properly associated with the host (trust management/certificate validation bypass). Reported base CVSS v3.1/3.0 scores ar...

5.3CVSS5.1AI score0.00825EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2022/05/17 3:1 a.m.6 views

GHSA-V2RP-9CPJ-PFW2 Salt Insecure configuration of PAM external authentication service

Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient...

5.6CVSS5.7AI score0.00873EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/05/17 12:0 a.m.6 views

IBM Sterling Secure Proxy 信任管理问题漏洞

IBM Sterling Secure Proxy is an application proxy used by International Business Machines Corporation IBM to secure the transfer of files in an organization's unprotected zone DMZ.IBM Sterling Secure Proxy version 6.0.3 and IBM Secure External Authentication Server version 6.0.3 contain a trust...

5.3CVSS5.6AI score0.00825EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/05/17 12:0 a.m.14 views

PT-2022-9929 · Ibm · Ibm Secure External Authentication Server +1

Name of the Vulnerable Software and Affected Versions: IBM Sterling Secure Proxy version 6.0.3 IBM Secure External Authentication Server version 6.0.3 Description: The issue arises from improper validation of certificates, which fails to ensure that a certificate is actually associated with the...

5.3CVSS5.2AI score0.00825EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/16 9:36 p.m.42 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple vulnerabilities due to IBM Java Runtime

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling External Authentication Server. IBM Sterling External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-35578 DESCRIPTION: An unspecified...

7.1CVSS2.3AI score0.06868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/16 9:28 p.m.26 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to improper validation of certificates

Summary IBM Sterling External Authentication Server does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. Vulnerability Details CVEID: CVE-2021-29726 DESCRIPTION: IBM Sterling Secure Proxy does not properly ensure that a...

5.3CVSS2AI score0.00825EPSS
Exploits0Affected Software1
Rows per page
Query Builder