7 matches found
CVE-2022-20664
CVE-2022-20664 affects Cisco Secure Email and Web Manager (SMA) and Cisco Email Security Appliance (ESA). The issue is an information-disclosure vulnerability in the web management interface caused by insufficient input sanitization when querying an external LDAP authentication server. An authent...
CVE-2023-20120
Cisco CVE-2023-20120 covers multiple XSS vulnerabilities in the web-based management interfaces of Cisco AsyncOS Software used by Cisco Secure Email and Web Manager, Cisco Secure Email Gateway (ESA), and Cisco Secure Web Appliance (WSA). The issues arise from insufficient input validation in the ...
CVE-2023-20009
CVE-2023-20009 affects Cisco’s Web UI and administrative CLI on the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA). The issue stems from processing of a specially crafted SNMP configuration file, which, if uploaded by an authenticated user with at least operator pri...
CVE-2022-20798
Cisco’s CVE-2022-20798 vulnerability affects Cisco Secure Email and Web Manager (SMA) and Cisco Email Security Appliance (ESA). The flaw arises from improper authentication checks when external authentication uses LDAP, allowing an unauthenticated, remote attacker to bypass login and access the w...
CVE-2023-20119
CVE-2023-20119 affects Cisco AsyncOS Software for Cisco Secure Email and Web Manager (formerly Content Security Management Appliance). The web-based management interface is vulnerable to cross-site scripting (XSS) due to insufficient input validation. An unauthenticated, remote attacker can entic...
CVE-2023-20028
Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway (ESA) and Cisco Secure Web Appliance (WSA) web-based management interfaces are affected by cross-site scripting vulnerabilities due to insufficient input validation. The issues enable remote attackers to del...
CVE-2021-1561
Cisco Secure Email and Web Manager (formerly SMA) contains CVE-2021-1561: an authenticated remote attacker can gain unauthorized access to and modify another user’s spam quarantine settings due to improper restriction of the spam-quarantine feature. Exploitation involves sending malicious request...