Security Manager Security Vulnerabilities and Issues — Security Manager CVE List

Lucene search

CiscoSecurity Manager

5 matches found

CVE•added 2014/04/02 3:58 a.m.•34 views

CVE-2014-2138

CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCun82349.

4.3CVSS7.1AI score0.00211EPSS

CVE•added 2014/05/20 11:13 a.m.•33 views

CVE-2014-3265

Cross-site scripting (XSS) vulnerability in the Auto Update Server (AUS) web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuo06900.

4.3CVSS5.9AI score0.0043EPSS

CVE•added 2014/07/26 11:11 a.m.•33 views

CVE-2014-3326

SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCup26957.

6.5CVSS8.2AI score0.00563EPSS

CVE•added 2014/05/26 12:25 a.m.•29 views

CVE-2014-3267

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make unspecified changes, aka Bug ID CSCuo46427.

6.8CVSS7.5AI score0.00128EPSS

CVE•added 2014/05/26 12:25 a.m.•26 views

CVE-2014-3266

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun65189.

4.3CVSS5.9AI score0.00309EPSS