Content Security Management Appliance@- Security Vulnerabilities and Issues — Content Security Management Appliance@- CVE List

Lucene search

CiscoContent Security Management Appliance-

9 matches found

CVE•added 2013/07/02 3:43 a.m.•56 views

CVE-2013-3395

Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devices, Email Security Appliance (ESA) devices, and Content Security Management Appliance (SMA) devices allows remote attackers to hijack the authentication of arbitrary users, aka B...

6.8CVSS7.5AI score0.00122EPSS

CVE•added 2021/05/06 1:15 p.m.•54 views

CVE-2021-1516

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA), Cisco Email Security Appliance (ESA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an aff...

6.5CVSS5.2AI score0.00319EPSS

CVE•added 2014/05/20 11:13 a.m.•48 views

CVE-2014-2195

Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085.

4.3CVSS7.2AI score0.00321EPSS

CVE•added 2015/02/21 11:59 a.m.•43 views

CVE-2015-0624

The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633,...

4.3CVSS6.8AI score0.00149EPSS

CVE•added 2013/10/24 10:53 a.m.•41 views

CVE-2013-5537

The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) devices does not properly manage the state of HTTP and HTTPS sessions, which allows remote attackers to cause a denial of service (management GUI outage) via mult...

7.8CVSS7AI score0.00393EPSS

CVE•added 2014/03/21 1:4 a.m.•41 views

CVE-2014-2119

The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbi...

8.5CVSS7.6AI score0.01372EPSS

CVE•added 2018/11/08 5:29 p.m.•40 views

CVE-2018-15393

A vulnerability in the web-based management interface of Cisco Content Security Management Appliance (SMA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insuff...

6.1CVSS5.3AI score0.00087EPSS

CVE•added 2013/06/26 9:55 p.m.•39 views

CVE-2013-3396

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Content Security Management on Security Management Appliance (SMA) devices allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh24749.

4.3CVSS5.9AI score0.00263EPSS

CVE•added 2014/06/10 11:19 a.m.•37 views

CVE-2014-3289

Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbit...

4.3CVSS5.6AI score0.0066EPSS