Vulnerabilities (CVE)

Vendor filter

Cisco Subscribe

Product filter

Email Security Appliance Firmware Subscribe

Filter

23 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-12706 1 Cisco 1 Email Security Appliance Firmware 2019-10-10 5.0
A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the configured user filters on an affected device. The...
CVE-2019-1955 1 Cisco 1 Email Security Appliance Firmware 2019-10-09 5.0
A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The...
CVE-2018-15453 1 Cisco 1 Email Security Appliance Firmware 2019-10-09 7.8
A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated,...
CVE-2018-0140 1 Cisco 2 Content Security Management Appliance, Email Security Appliance Firmware 2019-10-09 4.0
A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string...
CVE-2017-12309 1 Cisco 1 Email Security Appliance Firmware 2019-10-09 5.0
A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly...
CVE-2015-4236 1 Cisco 2 Email Security Appliance, Email Security Appliance Firmware 2018-10-30 4.3
Cisco AsyncOS on Email Security Appliance (ESA) devices with software 8.5.6-073, 8.5.6-074, and 9.0.0-461, when clustering is enabled, allows remote attackers to cause a denial of service (clustering and SSH outage) via a packet flood, aka Bug...
CVE-2013-3395 1 Cisco 4 Email Security Appliance, Web Security Appliance, Content Security Management Appliance and 1 more 2018-10-30 6.8
Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devices, Email Security Appliance (ESA) devices, and Content Security Management Appliance (SMA) devices allows remote attackers...
CVE-2014-3289 1 Cisco 5 Email Security Appliance, Ironport Asyncos, Content Security Management Appliance and 2 more 2018-10-30 4.3
Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA)...
CVE-2014-2195 1 Cisco 4 Asyncos, Email Security Appliance, Content Security Management Appliance and 1 more 2018-10-30 4.3
Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging...
CVE-2014-2119 1 Cisco 4 Email Security Appliance, Ironport Asyncos, Content Security Management Appliance and 1 more 2018-10-30 8.5
The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before...
CVE-2015-0624 1 Cisco 4 Email Security Appliance, Web Security Appliance, Content Security Management Appliance and 1 more 2018-10-30 4.3
The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs...
CVE-2013-5537 1 Cisco 4 Email Security Appliance, Web Security Appliance, Content Security Management Appliance and 1 more 2018-10-30 7.8
The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) devices does not properly manage the state of HTTP and HTTPS sessions, which allows remote attackers to cause...
CVE-2015-0732 1 Cisco 4 Email Security Appliance, Web Security Appliance, Content Security Management Virtual Appliance and 1 more 2018-10-30 4.3
Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-033...
CVE-2015-4278 1 Cisco 2 Email Security Appliance, Email Security Appliance Firmware 2018-10-30 4.3
Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service (per-domain e-mail reception outage) by placing malformed DMARC policy data in DNS TXT records for a domain,...
CVE-2015-6309 1 Cisco 2 Email Security Appliance, Email Security Appliance Firmware 2018-10-30 6.8
Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows remote authenticated users to cause a denial of service (file-descriptor consumption and device reload) via crafted HTTP requests, aka Bug ID CSCuw32211.
CVE-2015-0734 1 Cisco 2 Email Security Appliance, Email Security Appliance Firmware 2018-10-30 4.3
Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Email Security Appliance (ESA) 8.5.6-106 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCut87743.
CVE-2017-6671 1 Cisco 2 Email Security Appliance, Email Security Appliance Firmware 2017-11-27 5.0
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter....
CVE-2016-6406 1 Cisco 2 Email Security Appliance, Email Security Appliance Firmware 2017-07-30 10.0
Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, and 10.0.0-125 on Email Security Appliance (ESA) devices, when Enrollment Client before 1.0.2-065 is installed, allows remote attackers to obtain...
CVE-2016-6458 1 Cisco 1 Email Security Appliance Firmware 2017-07-29 5.0
A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. Email that should...
CVE-2016-6462 1 Cisco 1 Email Security Appliance Firmware 2017-07-28 5.0
A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an...