Vulnerabilities > Cisco > Asyncos > 14.2.1

DATE CVE VULNERABILITY TITLE RISK
2022-11-04 CVE-2022-20942 Incorrect Authorization vulnerability in Cisco Asyncos
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve sensitive information from an affected device, including user credentials. This vulnerability is due to weak enforcement of back-end authorization checks.
network
low complexity
cisco CWE-863
6.5
6.5
2022-04-06 CVE-2022-20781 Cross-site Scripting vulnerability in Cisco Asyncos
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device.
network
low complexity
cisco CWE-79
5.4
5.4