Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Cisco Subscribe
Filtered by product Ironport Asyncos
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-3385 1 Cisco 4 Content Security Management, Email Security Appliance Firmware, Ironport Asyncos and 1 more 2018-10-30 7.8 HIGH N/A
The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (system hang) via a series of (1) HTTP or (2) HTTPS requests to a management interface, aka Bug IDs CSCzv58669, CSCzv63329, and CSCzv78669.
CVE-2014-2119 1 Cisco 3 Content Security Management Appliance, Email Security Appliance Firmware, Ironport Asyncos 2018-10-30 8.5 HIGH N/A
The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118.
CVE-2014-3289 1 Cisco 4 Content Security Management Appliance, Email Security Appliance Firmware, Ironport Asyncos and 1 more 2018-10-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, as demonstrated by the date_range parameter to monitor/reports/overview on the IronPort ESA, aka Bug IDs CSCun07998, CSCun07844, and CSCun07888.
CVE-2013-3384 1 Cisco 4 Content Security Management, Email Security Appliance Firmware, Ironport Asyncos and 1 more 2018-10-30 9.0 HIGH N/A
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.2.2-110, 7.7 before 7.7.0-213, and 7.8 and 7.9 before 7.9.1-102 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL, aka Bug IDs CSCzv85726, CSCzv44633, and CSCzv24579.
CVE-2013-3386 1 Cisco 3 Content Security Management, Email Security Appliance Firmware, Ironport Asyncos 2018-10-30 7.8 HIGH N/A
The IronPort Spam Quarantine (ISQ) component in the web framework in IronPort AsyncOS on Cisco Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019 and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (service crash or hang) via a high rate of TCP connection attempts, aka Bug IDs CSCzv25573 and CSCzv81712.
CVE-2009-1162 1 Cisco 2 Ironport Asyncos, Ironport Email Security Appliances 2017-08-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Spam Quarantine login page in Cisco IronPort AsyncOS before 6.5.2 on Series C, M, and X appliances allows remote attackers to inject arbitrary web script or HTML via the referrer parameter.
CVE-2013-3383 1 Cisco 2 Ironport Asyncos, Web Security Appliance 2013-06-27 9.0 HIGH N/A
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL sent over IPv4, aka Bug ID CSCzv69294.