CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2015-0732
https://notcve.org/view.php?id=CVE-2015-0732
29 Jul 2015 — Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-033 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuu37430, CSCuu37420, CSCut71981, and CSCuv50167. Vulnerabilidad de XSS en Cisco AsyncOS en la Web Security Appliance (WSA) 9.0.0-193, en Email Security Appliance ... • http://tools.cisco.com/security/center/viewAlert.x?alertId=40172 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4288
https://notcve.org/view.php?id=CVE-2015-4288
29 Jul 2015 — The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCuo29561, CSCuv40466, and CSCuv40470. Vulnerabilidad en la implementación LDAP en Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Applian... • http://tools.cisco.com/security/center/viewAlert.x?alertId=40137 • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2015-4216
https://notcve.org/view.php?id=CVE-2015-4216
26 Jun 2015 — The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH root authorized key across different customers' installations, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of a private key from another installation, aka Bug IDs CSCuu95988, CSCuu95994, and CSCuu96630. La característica de soporte remoto en los d... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150625-ironport • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2015-4217
https://notcve.org/view.php?id=CVE-2015-4217
26 Jun 2015 — The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH host keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a private key from another installation, aka Bug IDs CSCus29681, CSCuu95676, and CSCuu96601. La característica de soporte remo... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150625-ironport • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2CVE-2015-0624 – Cisco Ironport AsyncOS HTTP Header Injection
https://notcve.org/view.php?id=CVE-2015-0624
21 Feb 2015 — The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639. El Framework web en los dispositivos Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), y Web Security Appliance (WSA) permite a atacantes remotos provoc... • https://packetstorm.news/files/id/130525 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2014-3289
https://notcve.org/view.php?id=CVE-2014-3289
10 Jun 2014 — Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, as demonstrated by the date_range parameter to monitor/reports/overview on the IronPort ESA, aka Bug IDs CSCun07998, CSCun07844, and CSCun07888. Vulnerabilidad de X... • http://packetstormsecurity.com/files/127004/Cisco-Ironport-Email-Security-Virtual-Appliance-8.0.0-671-XSS.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2014-2195
https://notcve.org/view.php?id=CVE-2014-2195
20 May 2014 — Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085. Cisco AsyncOS en dispositivos Email Security Appliance (ESA) y Content Security Management Appliance (SMA), cuando Active Directory está habilitado, no maneja debidamente nombres de grupos, lo que permite a atacantes remo... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2195 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0CVE-2014-2119
https://notcve.org/view.php?id=CVE-2014-2119
20 Mar 2014 — The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118. El servicio End User Safelist/Blocklist (también conocido como SLBL) en el soft... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140319-asyncos • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-5537
https://notcve.org/view.php?id=CVE-2013-5537
24 Oct 2013 — The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) devices does not properly manage the state of HTTP and HTTPS sessions, which allows remote attackers to cause a denial of service (management GUI outage) via multiple TCP connections, aka Bug IDs CSCuj59411, CSCuf89818, and CSCuh05635. El framework web en dispositivos Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), y Content Security Management Applianc... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5537 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2013-3395 – Cisco Ironport Cross Site Request Forgery / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-3395
02 Jul 2013 — Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devices, Email Security Appliance (ESA) devices, and Content Security Management Appliance (SMA) devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuh70263, CSCuh70323, and CSCuh26634. Vulnerabilidad CSRG en el framework web en los dispositivos Cisco IronPort Web Security Appliance (WSA), Email Security Appliance (ESA) y Content Security Management ... • https://packetstorm.news/files/id/122955 • CWE-352: Cross-Site Request Forgery (CSRF) •