Product:

Web_security_appliance

(Cisco)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 63
Date Id Summary Products Score Patch Annotated
2023-03-01 CVE-2023-20032 On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+... Secure_endpoint, Secure_endpoint_private_cloud, Web_security_appliance, Clamav, Stormshield_network_security 9.8
2023-06-28 CVE-2023-20119 A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, formerly known as Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A... Secure_email_and_web_manager, Secure_email_gateway, Web_security_appliance 6.1
2021-01-20 CVE-2021-1129 A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to access general system information and certain configuration information from an affected device. The vulnerability exists because a secure authentication token is not required when authenticating to the general purpose API. An... Content_security_management_appliance, Email_security_appliance, Web_security_appliance 5.3