Lucene search
K
CiscoContent Security Management Appliance*

6 matches found

CVE
CVE
added 2019/09/05 1:20 a.m.143 views

CVE-2019-12635

CVE-2019-12635 affects Cisco’s Content Security Management Appliance (SMA) software. The issue is in the authorization module where role permission controls are not correctly enforced, enabling an authenticated, remote attacker with a crafted/custom role to cause out-of-scope access to users’ ema...

4.3CVSS4.8AI score0.01021EPSS
CVE
CVE
added 2020/03/04 6:40 p.m.95 views

CVE-2020-3164

Summary: CVE-2020-3164 is a GUI Denial of Service vulnerability in Cisco AsyncOS web interfaces for the Cisco Email Security Appliance (ESA), Web Security Appliance (WSA), and Content Security Management Appliance (SMA). It stems from improper validation of specific HTTP request headers, allowing...

5.3CVSS5.3AI score0.01281EPSS
CVE
CVE
added 2020/09/23 12:25 a.m.79 views

CVE-2020-3117

CVE-2020-3117 affects Cisco AsyncOS API Framework in Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA). The vulnerability allows an unauthenticated, remote attacker to inject arbitrary HTTP headers into HTTP responses due to insufficient validation of user i...

4.7CVSS5AI score0.00929EPSS
CVE
CVE
added 2020/05/06 4:35 p.m.74 views

CVE-2020-3178

Cisco Content Security Management Appliance (SMA) Open Redirect vulnerabilities (CVE-2020-3178) affect the web-based GUI of Cisco AsyncOS/SMA. Multiple issues arise from improper input validation of HTTP request parameters, allowing an unauthenticated, remote attacker to intercept and modify requ...

6.1CVSS6.4AI score0.00843EPSS
CVE
CVE
added 2020/08/17 6:0 p.m.66 views

CVE-2020-3447

The CVE-2020-3447 issue affects Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA). Affected component: CLI log subscriptions that are overly verbose, enabling an authenticated attacker with operator-level credentials (or higher) to access...

6.5CVSS5.6AI score0.00738EPSS
CVE
CVE
added 2021/05/06 12:40 p.m.48 views

CVE-2021-1447

CVE-2021-1447 describes a local privilege-escalation in Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) due to a flaw in the password generation algorithm. An authenticated Administrator can exploit this by enabling specific Administrator-only features and connecting to the ap...

7.2CVSS6.9AI score0.00275EPSS