CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2014-2195
https://notcve.org/view.php?id=CVE-2014-2195
20 May 2014 — Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085. Cisco AsyncOS en dispositivos Email Security Appliance (ESA) y Content Security Management Appliance (SMA), cuando Active Directory está habilitado, no maneja debidamente nombres de grupos, lo que permite a atacantes remo... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2195 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0CVE-2014-2119
https://notcve.org/view.php?id=CVE-2014-2119
20 Mar 2014 — The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118. El servicio End User Safelist/Blocklist (también conocido como SLBL) en el soft... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140319-asyncos • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-5537
https://notcve.org/view.php?id=CVE-2013-5537
24 Oct 2013 — The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) devices does not properly manage the state of HTTP and HTTPS sessions, which allows remote attackers to cause a denial of service (management GUI outage) via multiple TCP connections, aka Bug IDs CSCuj59411, CSCuf89818, and CSCuh05635. El framework web en dispositivos Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), y Content Security Management Applianc... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5537 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2013-3395 – Cisco Ironport Cross Site Request Forgery / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-3395
02 Jul 2013 — Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devices, Email Security Appliance (ESA) devices, and Content Security Management Appliance (SMA) devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuh70263, CSCuh70323, and CSCuh26634. Vulnerabilidad CSRG en el framework web en los dispositivos Cisco IronPort Web Security Appliance (WSA), Email Security Appliance (ESA) y Content Security Management ... • https://packetstorm.news/files/id/122955 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2013-3385
https://notcve.org/view.php?id=CVE-2013-3385
27 Jun 2013 — The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (system hang) via a series of (1) HTTP or (2) HTTPS requests to a management interface, aka Bug IDs CSCzv58669,... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa • CWE-399: Resource Management Errors •
CVSS: 9.0EPSS: 0%CPEs: 11EXPL: 0CVE-2013-3384
https://notcve.org/view.php?id=CVE-2013-3384
27 Jun 2013 — The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.2.2-110, 7.7 before 7.7.0-213, and 7.8 and 7.9 before 7.9.1-102 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL, aka Bug IDs CSCzv85... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2013-3386
https://notcve.org/view.php?id=CVE-2013-3386
27 Jun 2013 — The IronPort Spam Quarantine (ISQ) component in the web framework in IronPort AsyncOS on Cisco Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019 and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (service crash or hang) via a high rate of TCP connection attempts, aka Bug IDs CSCzv25573 and CSCzv81712. El componente de IronPort Spam Quarantine (ISQ) en el framework web de IronP... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa • CWE-399: Resource Management Errors •