Web Security Appliance@- Security Vulnerabilities and Issues — Web Security Appliance@- CVE List

Lucene search

CiscoWeb Security Appliance-

9 matches found

CVE•added 2013/07/02 3:43 a.m.•56 views

CVE-2013-3395

Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devices, Email Security Appliance (ESA) devices, and Content Security Management Appliance (SMA) devices allows remote attackers to hijack the authentication of arbitrary users, aka B...

6.8CVSS7.5AI score0.00122EPSS

CVE•added 2021/05/06 1:15 p.m.•54 views

CVE-2021-1516

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA), Cisco Email Security Appliance (ESA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an aff...

6.5CVSS5.2AI score0.00319EPSS

CVE•added 2021/06/16 6:15 p.m.•53 views

CVE-2021-1566

A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to intercept traffic between an affected device and the AMP serve...

7.4CVSS7.2AI score0.00095EPSS

CVE•added 2015/02/21 11:59 a.m.•43 views

CVE-2015-0624

The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633,...

4.3CVSS6.8AI score0.00149EPSS

CVE•added 2015/02/19 12:59 a.m.•42 views

CVE-2015-0623

Cross-site scripting (XSS) vulnerability in the Administrator report page on Cisco Web Security Appliance (WSA) devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus40627.

4.3CVSS5.9AI score0.00263EPSS

CVE•added 2013/10/24 10:53 a.m.•41 views

CVE-2013-5537

The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) devices does not properly manage the state of HTTP and HTTPS sessions, which allows remote attackers to cause a denial of service (management GUI outage) via mult...

7.8CVSS7AI score0.00393EPSS

CVE•added 2014/06/10 11:19 a.m.•37 views

CVE-2014-3289

Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbit...

4.3CVSS5.6AI score0.0066EPSS

CVE•added 2015/02/20 2:59 a.m.•37 views

CVE-2015-0628

The proxy engine on Cisco Web Security Appliance (WSA) devices allows remote attackers to bypass intended proxying restrictions via a malformed HTTP method, aka Bug ID CSCus79174.

5CVSS7AI score0.00184EPSS

CVE•added 2014/04/02 3:58 a.m.•32 views

CVE-2014-2137

CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002.

4.3CVSS7AI score0.00211EPSS