VYPR

Cisco Secure Web Appliance

by Cisco Systems, Inc.

CVEs (11)

  • CVE-2020-3367HigNov 18, 2020
    risk 0.51cvss 7.8epss 0.01

    A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to…

  • CVE-2025-20184MedFeb 5, 2025
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker to perform command injection attacks against an affected device. The attacker must…

  • CVE-2022-20942MedNov 4, 2022
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve…

  • CVE-2025-20183MedFeb 5, 2025
    risk 0.38cvss 5.8epss 0.00

    A vulnerability in a policy-based Cisco Application Visibility and Control (AVC) implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to evade the antivirus scanner and download a malicious file onto an…

  • CVE-2023-20120MedJun 28, 2023
    risk 0.35cvss 5.4epss 0.00

    Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance…

  • CVE-2023-20028MedJun 28, 2023
    risk 0.35cvss 5.4epss 0.00

    Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance…

  • CVE-2022-20952MedMar 1, 2023
    risk 0.35cvss 5.3epss 0.01

    A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an unauthenticated, remote attacker to bypass a configured rule, thereby allowing traffic onto a network that…

  • CVE-2022-20781MedApr 6, 2022
    risk 0.35cvss 5.4epss 0.01

    A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. The…

  • CVE-2022-20868MedNov 4, 2022
    risk 0.31cvss 4.7epss 0.01

    A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid…

  • CVE-2021-1490MedMay 6, 2021
    risk 0.31cvss 4.7epss 0.01

    A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability…

  • CVE-2025-20207MedFeb 5, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability in Simple Network Management Protocol (SNMP) polling for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, remote attacker to obtain confidential information about the underlying operating…