Email Security Appliance Firmware Security Vulnerabilities and Issues — Email Security Appliance Firmware CVE List

Lucene search

CiscoEmail Security Appliance Firmware

7 matches found

CVE•added 2015/07/10 7:59 p.m.•55 views

CVE-2015-4236

Cisco AsyncOS on Email Security Appliance (ESA) devices with software 8.5.6-073, 8.5.6-074, and 9.0.0-461, when clustering is enabled, allows remote attackers to cause a denial of service (clustering and SSH outage) via a packet flood, aka Bug IDs CSCur13704 and CSCuq05636.

4.3CVSS6.9AI score0.00603EPSS

CVE•added 2014/05/20 11:13 a.m.•48 views

CVE-2014-2195

Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085.

4.3CVSS7.2AI score0.00321EPSS

CVE•added 2015/02/21 11:59 a.m.•43 views

CVE-2015-0624

The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633,...

4.3CVSS6.8AI score0.00149EPSS

CVE•added 2015/07/29 1:59 a.m.•41 views

CVE-2015-0732

Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-033 allows remote attackers to inject arbitrary web script or...

4.3CVSS5.9AI score0.00296EPSS

CVE•added 2015/05/15 1:59 a.m.•41 views

CVE-2015-0734

Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Email Security Appliance (ESA) 8.5.6-106 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCut87743.

4.3CVSS5.9AI score0.00263EPSS

CVE•added 2015/07/16 7:59 p.m.•38 views

CVE-2015-4278

Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service (per-domain e-mail reception outage) by placing malformed DMARC policy data in DNS TXT records for a domain, aka Bug ID CSCuv14806.

4.3CVSS7AI score0.00443EPSS

CVE•added 2014/06/10 11:19 a.m.•37 views

CVE-2014-3289

Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbit...

4.3CVSS5.6AI score0.0066EPSS