NotCVE - vendor:"Cisco" product:"Web Security Virtual Appliance" version:"7.1.0"

3 results (0.004 seconds)

CVSS: 8.6EPSS: 0%CPEs: 6EXPL: 0

CVE-2021-34749 – Multiple Cisco Products Server Name Identification Data Exfiltration Vulnerability

https://notcve.org/view.php?id=CVE-2021-34749

18 Aug 2021 — A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device and exfiltrate data from a compromised host. This vulnerability is due to inadequate filtering of the SSL handshake. An attacker could exploit this vulnerability by using data from the SSL client hello packet to communicate with an e... • https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-1271 – Cisco Web Security Appliance Stored Cross-Site Scripting Vulnerability

https://notcve.org/view.php?id=CVE-2021-1271

20 Jan 2021 — A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface. A suc... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-xss-RuB5WGqL • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0

CVE-2014-2137

https://notcve.org/view.php?id=CVE-2014-2137

02 Apr 2014 — CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002. Vulnerabilidad de inyección CRLF en el framework web en Cisco Web Security Appliance (WSA) 7.7 y anteriores permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y realizar ataques de redirección a través de una URL manipulada, también conocido como Bug ID CSCuj61002... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2137 • CWE-20: Improper Input Validation •