VYPR

Web Security Appliance \(wsa\)

by Cisco Systems, Inc.

CVEs (33)

  • CVE-2023-20028MedJun 28, 2023
    risk 0.35cvss 5.4epss 0.00

    Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance…

  • CVE-2022-20781MedApr 6, 2022
    risk 0.35cvss 5.4epss 0.01

    A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. The…

  • CVE-2022-20675MedApr 6, 2022
    risk 0.35cvss 5.3epss 0.01

    A vulnerability in the TCP/IP stack of Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Secure Email and Web Manager, formerly Security Management Appliance, could allow an unauthenticated, remote attacker to crash the Simple Network Management…

  • CVE-2021-1129MedJan 20, 2021
    risk 0.35cvss 5.3epss 0.01

    A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to access general…

  • CVE-2020-3164MedMar 4, 2020
    risk 0.35cvss 5.3epss 0.01

    A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated remote attacker to cause high CPU usage on an…

  • CVE-2021-1490MedMay 6, 2021
    risk 0.31cvss 4.7epss 0.01

    A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability…

  • CVE-2021-1271MedJan 20, 2021
    risk 0.31cvss 4.8epss 0.01

    A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. The…

  • CVE-2020-3117MedSep 23, 2020
    risk 0.31cvss 4.7epss 0.01

    A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to inject crafted HTTP headers in the web server's response. The vulnerability is…

  • CVE-2021-1516MedMay 6, 2021
    risk 0.28cvss 4.3epss 0.01

    A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA), Cisco Email Security Appliance (ESA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive…

  • CVE-2020-3547MedSep 4, 2020
    risk 0.28cvss 4.3epss 0.01

    A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive…

  • CVE-2015-0738May 17, 2015
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the Web Tracking Report page on Cisco Web Security Appliance (WSA) devices 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCuu16008.

  • CVE-2015-0698Apr 15, 2015
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut39213.

  • CVE-2013-5537Oct 24, 2013
    risk 0.00cvss epss 0.01

    The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) devices does not properly manage the state of HTTP and HTTPS sessions, which allows remote attackers to cause a denial of service (management…

Page 2 of 2